Windows Analysis Report
ZtnN5sSpDk.exe

Overview

General Information

Sample name: ZtnN5sSpDk.exe (renamed because original name is a hash value)
Original sample name: 5be6145c6351bc7f52ea7ebdf01cbc8f.exe
Analysis ID: 1568321
MD5: 5be6145c6351bc7f52ea7ebdf01cbc8f
SHA1: 628c39659193e1026864295db18b1049bc904c76
SHA256: 5faffbfc993cbdaeb7b5e8f5f95f5510c340667ed5daff4b6f88d1ade8915208
Tags: exe, user-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • ZtnN5sSpDk.exe (PID: 1444 cmdline: "C:\Users\user\Desktop\ZtnN5sSpDk.exe" MD5: 5BE6145C6351BC7F52EA7EBDF01CBC8F)
    • ZtnN5sSpDk.exe (PID: 6072 cmdline: "C:\Users\user\Desktop\ZtnN5sSpDk.exe" MD5: 5BE6145C6351BC7F52EA7EBDF01CBC8F)
      • svchost.exe (PID: 2324 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 1924 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 4904 cmdline: C:\Windows\system32\WerFault.exe -u -p 1924 -s 4 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 5536 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 408 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search user.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvs"}
Source: 00000003.00000003.2303401516.0000000000970000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_RHADAMANTHYS; Description: Yara detected RHADAMANTHYS Stealer; Author: Joe Security
Source: 00000004.00000003.2307024843.0000000002B00000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_RHADAMANTHYS; Description: Yara detected RHADAMANTHYS Stealer; Author: Joe Security
Source: 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security

Source: 3.3.ZtnN5sSpDk.exe.3150000.7.raw.unpack; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 4.3.svchost.exe.4c50000.7.raw.unpack; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 3.3.ZtnN5sSpDk.exe.2f30000.6.raw.unpack; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 4.3.svchost.exe.4a30000.6.raw.unpack; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 4.3.svchost.exe.4a30000.6.unpack; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security

System Summary

Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\ZtnN5sSpDk.exe, ProcessId: 1444, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\ZtnN5sSpDk.exe", ParentImage: C:\Users\user\Desktop\ZtnN5sSpDk.exe, ParentProcessId: 6072, ParentProcessName: ZtnN5sSpDk.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 2324, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\ZtnN5sSpDk.exe", ParentImage: C:\Users\user\Desktop\ZtnN5sSpDk.exe, ParentProcessId: 6072, ParentProcessName: ZtnN5sSpDk.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 2324, ProcessName: svchost.exe

Timestamp: 2024-12-04T14:47:59.108471+0100; SID: 2854802; Severity: 1; Classtype: Domain Observed Used for C2 Detected; Source IP: 104.37.175.232; Source Port: 7716; Destination IP: 192.168.2.6; Destination Port: 49737; Protocol: TCP

AV Detection

Source: 0.2.ZtnN5sSpDk.exe.400000.0.unpack; Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvs"}
Source: ZtnN5sSpDk.exe; ReversingLabs: Detection: 23%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: ZtnN5sSpDk.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: Binary string: wkernel32.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2305619412.0000000003050000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305541267.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311820936.0000000004B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311683355.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312063827.0000000004A30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2304679961.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2304881758.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308843886.0000000004C20000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308189879.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2305340754.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305166165.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2310303291.0000000004BD0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2309344477.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2304679961.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2304881758.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308843886.0000000004C20000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308189879.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2305340754.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305166165.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2310303291.0000000004BD0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2309344477.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2305619412.0000000003050000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305541267.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311820936.0000000004B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311683355.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312063827.0000000004A30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp
Source: C:\Windows\System32\fontdrvhost.exe; Code function: 4x nop then dec esp, 9_2_0000023C804D0511

Networking

Source: Network traffic; Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.232:7716 -> 192.168.2.6:49737
Source: C:\Windows\SysWOW64\svchost.exe; Network Connect: 104.37.175.232 7716
Source: Malware configuration extractor; URLs: https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvs
Source: global traffic; TCP traffic: 192.168.2.6:49737 -> 104.37.175.232:7716
Source: Joe Sandbox View; IP Address: 104.37.175.232
Source: Joe Sandbox View; ASN Name: MAJESTIC-HOSTING-01US
Source: unknown; TCP traffic detected without corresponding DNS query: 104.37.175.232
Source: ZtnN5sSpDk.exe, DiskTuner.exe.0.dr; String found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
Source: ZtnN5sSpDk.exe, DiskTuner.exe.0.dr; String found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
Source: ZtnN5sSpDk.exe, DiskTuner.exe.0.dr; String found in binary or memory: http://www.macromedia.com
Source: ZtnN5sSpDk.exe, DiskTuner.exe.0.dr; String found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
Source: svchost.exe, 00000004.00000002.2402195281.000000000290C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2401848495.000000000047C000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp; String found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvs
Source: svchost.exe, 00000004.00000002.2402195281.000000000290C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp; String found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvskernelbasentdllkernel32GetProcessMitig
Source: svchost.exe, 00000004.00000002.2401848495.000000000047C000.00000004.00000010.00020000.00000000.sdmp; String found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvsx
Source: svchost.exe, 00000004.00000003.2331493427.00000000029A0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://cloudflare-dns.com/dns-query
Source: svchost.exe, 00000004.00000003.2331493427.00000000029A0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
Source: ZtnN5sSpDk.exe, DiskTuner.exe.0.dr; String found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
Source: ZtnN5sSpDk.exe, DiskTuner.exe.0.dr; String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: 3_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,3_2_004D9AB0
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: DirectInput8Create, memstr_31c4e02c-c
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: GetRawInputData, memstr_9b2d590e-a
Source: Yara match; File source: 3.3.ZtnN5sSpDk.exe.3150000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.3.svchost.exe.4c50000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.ZtnN5sSpDk.exe.2f30000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.3.svchost.exe.4a30000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.3.svchost.exe.4a30000.6.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.3.svchost.exe.4a30000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2312063827.0000000004A30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: ZtnN5sSpDk.exe PID: 6072, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: svchost.exe PID: 2324, type: MEMORYSTR

System Summary

Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; File dump: DiskTuner.exe.0.dr 979567349
Source: C:\Windows\System32\fontdrvhost.exe; Code function: 9_2_0000023C804D0AC8 NtAcceptConnectPort,NtAcceptConnectPort,9_2_0000023C804D0AC8
Source: C:\Windows\System32\fontdrvhost.exe; Code function: 9_2_0000023C804D15C0 NtAcceptConnectPort,9_2_0000023C804D15C0
Source: C:\Windows\System32\fontdrvhost.exe; Code function: 9_2_0000023C804D1AA4 NtAcceptConnectPort,NtAcceptConnectPort,9_2_0000023C804D1AA4
Source: C:\Windows\System32\fontdrvhost.exe; Code function: 9_2_0000023C804D1CF4 NtAcceptConnectPort,CloseHandle,9_2_0000023C804D1CF4
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: String function: 00435140 appears 66 times
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: String function: 007CCD90 appears 33 times
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: String function: 004C9120 appears 58 times
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Code function: String function: 00435350 appears 68 times
Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe; Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 408
Source: ZtnN5sSpDk.exe; Binary or memory string: OriginalFilename vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000000.00000002.2345679569.0000000000CE9000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameCFF Explorer.exe: vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000000.00000002.2345852979.00000000026C2000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000000.00000002.2343730463.00000000006A9000.00000040.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000000.00000002.2343730463.00000000006A9000.00000040.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameCFF Explorer.exe: vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000000.00000000.2117819365.0000000000628000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000000.2292836505.0000000000628000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305619412.0000000003050000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305340754.00000000031FD000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305541267.0000000002FC2000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamekernel32j% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2306942713.00000000007E9000.00000040.00000400.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameCFF Explorer.exe: vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameKernelbase.dllj% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2304881758.00000000032A6000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2306139848.0000000003331000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameKernelbase.dllj% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2304679961.00000000030A8000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305541267.0000000002F30000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305619412.00000000030A0000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamekernel32j% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2305166165.0000000003053000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe, 00000003.00000003.2303669031.00000000007E9000.00000040.00000400.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameCFF Explorer.exe: vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe; Binary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs ZtnN5sSpDk.exe
Source: ZtnN5sSpDk.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-ffd7752d-e385-64b862-3d1bcacf5aca}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1924
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\7a74b3e9-fc31-46c5-902e-f88f2e760233Jump to behavior
                      Source: ZtnN5sSpDk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: ZtnN5sSpDk.exeReversingLabs: Detection: 23%
                      Source: ZtnN5sSpDk.exeString found in binary or memory: ms-help:
                      Source: ZtnN5sSpDk.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeFile read: C:\Users\user\Desktop\ZtnN5sSpDk.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\ZtnN5sSpDk.exe "C:\Users\user\Desktop\ZtnN5sSpDk.exe"
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess created: C:\Users\user\Desktop\ZtnN5sSpDk.exe "C:\Users\user\Desktop\ZtnN5sSpDk.exe"
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 408
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1924 -s 4
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess created: C:\Users\user\Desktop\ZtnN5sSpDk.exe "C:\Users\user\Desktop\ZtnN5sSpDk.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: k7rn7l32.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: ntd3ll.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: ZtnN5sSpDk.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: ZtnN5sSpDk.exeStatic file information: File size 2981888 > 1048576
                      Source: ZtnN5sSpDk.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                      Source: ZtnN5sSpDk.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x175000
                      Source: Binary string: wkernel32.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2305619412.0000000003050000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305541267.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311820936.0000000004B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311683355.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312063827.0000000004A30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2304679961.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2304881758.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308843886.0000000004C20000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308189879.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2305340754.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305166165.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2310303291.0000000004BD0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2309344477.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2304679961.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2304881758.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308843886.0000000004C20000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2308189879.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: ZtnN5sSpDk.exe, 00000003.00000003.2305340754.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305166165.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2310303291.0000000004BD0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2309344477.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2305619412.0000000003050000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2305541267.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311820936.0000000004B50000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2311683355.0000000004A30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: ZtnN5sSpDk.exe, 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312063827.0000000004A30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: ZtnN5sSpDk.exeStatic PE information: real checksum: 0x241059 should be: 0x2e0777
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DB86D push ebx; ret 3_3_007DB864
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DA840 push ebp; retf 3_3_007DA841
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DE83C pushad ; ret 3_3_007DE841
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DE80E push eax; iretd 3_3_007DE81D
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DA0F9 push FFFFFF82h; iretd 3_3_007DA0FB
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DD8A0 push 0000002Eh; iretd 3_3_007DD8A2
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007D8904 push ecx; ret 3_3_007D8917
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DB1DD push eax; ret 3_3_007DB1DF
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DE586 pushad ; retf 3_3_007DE599
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007D9F6A push eax; ret 3_3_007D9F75
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007DB70B push ebx; ret 3_3_007DB864
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_004381E0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_004381A0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA784
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA7AC
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_00434C60 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_00434CF0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_00434C90 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_00434CB0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_00447D60 push ecx; retf 3_2_00447E0D
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_2_00436DB0 push ecx; retf 3_2_00436EEF
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B225D push eax; ret 4_3_004B225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B5606 pushad ; retf 4_3_004B5619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B6012 push 00000038h; iretd 4_3_004B601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B18C0 push ebp; retf 4_3_004B18C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B28ED push ebx; ret 4_3_004B28E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B588E push eax; iretd 4_3_004B589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B58BC pushad ; ret 4_3_004B58C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B1179 push FFFFFF82h; iretd 4_3_004B117B
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 4D8B83A
                      Source: ZtnN5sSpDk.exe, 00000000.00000002.2345679569.0000000000CE9000.00000040.00001000.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000000.00000002.2343730463.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2306942713.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2303669031.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: ZtnN5sSpDk.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: ZtnN5sSpDk.exe, 00000000.00000002.2345679569.0000000000CE9000.00000040.00001000.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000000.00000002.2343730463.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2306942713.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, ZtnN5sSpDk.exe, 00000003.00000003.2303669031.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeAPI coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: svchost.exe, 00000004.00000002.2402062305.0000000002812000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USen-GBn
                      Source: svchost.exe, 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000004.00000002.2402029037.0000000002800000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000004.00000002.2402098003.0000000002854000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007D9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_007D9098
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 3_3_007D9277 mov eax, dword ptr fs:[00000030h]3_3_007D9277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_004B0283 mov eax, dword ptr fs:[00000030h]4_3_004B0283
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exeProcess created: C:\Users\user\Desktop\ZtnN5sSpDk.exe "C:\Users\user\Desktop\ZtnN5sSpDk.exe"Jump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 104.37.175.232 7716
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Memory written: C:\Users\user\Desktop\ZtnN5sSpDk.exe base: 7A0000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Code function: 3_3_007CCDD5 cpuid 3_3_007CCDD5
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Code function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Code function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,3_2_004C9670
                      Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Code function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\ZtnN5sSpDk.exe | Code function: 0_2_004CB0E0 GetVersionExA,0_2_004CB0E0
                      Source: C:\Windows\SysWOW64\svchost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match | File source: 00000003.00000003.2303401516.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000003.2307024843.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.2312794430.0000000000C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.2402466698.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      Source: Yara match | File source: 00000003.00000003.2303401516.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000003.2307024843.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.2312794430.0000000000C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.2402466698.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 11 Masquerading | 21 Input Capture | 2 System Time Discovery | Remote Services | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 211 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 135 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Source | Detection | Scanner | Label | Link
                      ZtnN5sSpDk.exe | 24% | ReversingLabs | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvskernelbasentdllkernel32GetProcessMitig | 0% | Avira URL Cloud | safe |
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch | 0% | Avira URL Cloud | safe |
                      https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvsx | 0% | Avira URL Cloud | safe |
                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec | 0% | Avira URL Cloud | safe |
                      https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvs | 0% | Avira URL Cloud | safe |
                      No contacted domains info
                      Name | Malicious | Antivirus Detection | Reputation
                      https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvs | true | Avira URL Cloud: safe | unknown
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      https://cloudflare-dns.com/dns-query | svchost.exe, 00000004.00000003.2331493427.00000000029A0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      http://www.macromedia.com | ZtnN5sSpDk.exe, DiskTuner.exe.0.dr | false | | high
                      https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvskernelbasentdllkernel32GetProcessMitig | svchost.exe, 00000004.00000002.2402195281.000000000290C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi | svchost.exe, 00000004.00000003.2331493427.00000000029A0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch | ZtnN5sSpDk.exe, DiskTuner.exe.0.dr | false | Avira URL Cloud: safe | unknown
                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec | ZtnN5sSpDk.exe, DiskTuner.exe.0.dr | false | Avira URL Cloud: safe | unknown
                      http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp | ZtnN5sSpDk.exe, DiskTuner.exe.0.dr | false | | high
                      https://104.37.175.232:7716/a77586b5414f862b919/kx9tkus2.hquvsx | svchost.exe, 00000004.00000002.2401848495.000000000047C000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      https://www.macromedia.com/bin/flashdownload.cgi | ZtnN5sSpDk.exe, DiskTuner.exe.0.dr | false | | high
                      https://www.macromedia.com/support/flashplayer/sys/ | ZtnN5sSpDk.exe, DiskTuner.exe.0.dr | false | | high
                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                  104.37.175.232 | unknown | United States | | 396073 | MAJESTIC-HOSTING-01US | true
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1568321
                                  Start date and time:2024-12-04 14:46:45 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 8m 7s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:13
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:ZtnN5sSpDk.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:5be6145c6351bc7f52ea7ebdf01cbc8f.exe
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@9/6@0/1
                                  EGA Information:
                                  • Successful, ratio: 50%
                                  HCA Information:Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target ZtnN5sSpDk.exe, PID 6072 because there are no executed function
                                  • Execution Graph export aborted for target svchost.exe, PID 2324 because there are no executed function
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: ZtnN5sSpDk.exe
                                  Time | Type | Description
                                  08:48:13 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                  14:47:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                  14:48:08 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                  104.37.175.232 | Readme.lnk.download.lnk | | malicious | RHADAMANTHYS | |
                                  104.37.175.232 | 098aPtSbmd.bat | | malicious | RHADAMANTHYS | |
                                  104.37.175.232 | loader.ps1.bat | | malicious | RHADAMANTHYS | |
                                  104.37.175.232 | readme.exe | | malicious | RHADAMANTHYS | |
                                  104.37.175.232 | Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk | | malicious | RHADAMANTHYS | |
                                            No context
                                            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                            MAJESTIC-HOSTING-01US | Readme.lnk.download.lnk | | malicious | RHADAMANTHYS | | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | 098aPtSbmd.bat | | malicious | RHADAMANTHYS | | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | loader.ps1.bat | | malicious | RHADAMANTHYS | | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | readme.exe | | malicious | RHADAMANTHYS | | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk | | malicious | RHADAMANTHYS | | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | loligang.ppc.elf | | malicious | Mirai | | 191.96.140.127
                                            MAJESTIC-HOSTING-01US | file.exe | | malicious | DarkTortilla, RHADAMANTHYS | | 104.37.175.218
                                            MAJESTIC-HOSTING-01US | file.exe | | malicious | RHADAMANTHYS | | 104.37.175.218
                                            MAJESTIC-HOSTING-01US | doc_1000050408072024.js | | malicious | Remcos | | 191.101.130.5
                                            MAJESTIC-HOSTING-01US | SLIM00260423 LIM-AMS-BOM.js | | malicious | Remcos | | 191.101.130.5
                                            No context
                                            No context
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):65536
                                            Entropy (8bit):0.6601369713722289
                                            Encrypted:false
                                            SSDEEP:96:bKFT5g3eWqigKJTs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/N:GnwxHnTxR0apYKjqzuiFeZ24lO8JO
                                            MD5:6FA72044C0CD9CABA06779191B66BFB9
                                            SHA1:92106C3F6268477E067CD311C68FA50378469927
                                            SHA-256:51C0B8AA60D85A30B85A0C5CBDCBF9271AEF1AC20F05A86CA2FC3211FFCB1176
                                            SHA-512:2911E6A7A7D6557DFF4460FBD32299834EFBE05D40D93348664EA3A683A6079E6A66AE972C644B44BAF5AF844D3DDC91C804D59FF86F1809778CD29D2B165C30
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 13:48:06 2024, 0x1205a4 type
                                            Category:dropped
                                            Size (bytes):47430
                                            Entropy (8bit):1.2840959429975076
                                            Encrypted:false
                                            SSDEEP:96:5n78S/DRdn9HyxoFv1udW7i7cVRuiTXEHK6m5r/QXY5eWIN/IYsLW:5wkt/FvtOcVRRTt6o/QI5WH
                                            MD5:0E2061ADD62D0FE995D449F05321EC47
                                            SHA1:7D93199F4A8597E03073244D8CFC773900D870CE
                                            SHA-256:E8DFC054BF08DE2C591403113FF412AA76036F52DE171B5585DE88B846E09BFF
                                            SHA-512:94ABEFA84892F23890FA991D42A2A6E66E41D66BA18C775F5788C8D54DB24D36DB3DC4F07946E9E94B915AC7D243C7290579ADE0E028EA1AF2A63A75CA702F28
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):8622
                                            Entropy (8bit):3.6896381734257933
                                            Encrypted:false
                                            SSDEEP:192:R6l7wVeJ8bZ316YyPeuOgmfr57vfpDT89bybnzfNMjm:R6lXJYb6YqeuOgmfrFveybzfi6
                                            MD5:FDD72066E224DD28091D245237163CA9
                                            SHA1:B88640BEB733FEAF043300A999F10DF885C4B271
                                            SHA-256:0EB214782A0BF0790CC1F8E95E948AF0D53445783F86A3D192058D2FAEFCA54D
                                            SHA-512:48C6B4CB08A4C35109D62AF97B09AC8D11A1D8F07E2980BE06944CD8C0B4930D3391281E212A33CA9BB60B14D7CF93A9EC3F67FDE7CA763FA8A98095A11F6CFB
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):4853
                                            Entropy (8bit):4.4430045035834596
                                            Encrypted:false
                                            SSDEEP:48:cvIwWl8zsZcJg771I9w7WpW8VYiYm8M4Jk5LvM6FVyq8vU5LvMiaMuhFd:uIjf8I7LK7VCJcjMmWsjMi1uLd
                                            MD5:654E58BD74875E2D6B3B46FA3C84FF14
                                            SHA1:F5AE4F348D5FB11EF38C2E060A4718BC3FAC9E49
                                            SHA-256:D96AB965EDC0C9E79D112947D041D8E9B8CB90F0C04FB59B5D940DAB34EEA10B
                                            SHA-512:56D781FEA95D6EDECEDA1E94958FC012CDF2D688BEB2B071BEBAD550490C72BA03126679F52F925D66499E7D9B016B4D56F22DD8A1BB6DB5757176F295085B02
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\ZtnN5sSpDk.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):979567349
                                            Entropy (8bit):0.046351677930096515
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:53D33CC614F6C4B84B0004355AEF53F2
                                            SHA1:58EBB980A62FB7766D45C706F36DADA56080D8AF
                                            SHA-256:C188B8A04E4317A6FF9997817CC5550925BD49409B06F7BFAEB16899DF69BDC2
                                            SHA-512:24DEBDFEA9D5AFD0293FED4C91574141ADA8D90D99444B7C73483AB2C5C1C38870F8480CC82E1723F90CFBF432F351197DF1F068B9F2961099560A881DC3A646
                                            Malicious:false
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:MS Windows registry file, NT/2000 or above
                                            Category:dropped
                                            Size (bytes):1835008
                                            Entropy (8bit):4.469541172958744
                                            Encrypted:false
                                            SSDEEP:6144:FzZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNqjDH5S:9ZHtYZWOKnMM6bFpoj4
                                            MD5:04B8F13210D78F24D8D75E10EB0A048D
                                            SHA1:FA1B6190435B7A45397FA8956E32506E59124481
                                            SHA-256:A7E96E2E435068F6446BC662B5F52D7760CAC368DE6173ABCD8D74876B67A54B
                                            SHA-512:4538C8220343189A4903F785D522B4BF57E7CC027D64E18D6E0E862823942AEABBAA11730EB3EBA6BCAE77BE23D1ABBF1692791A568FAB6693AF4A7466B5732E
                                            Malicious:false
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):6.969133609235859
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.40%
                                            • InstallShield setup (43055/19) 0.43%
                                            • Windows Screen Saver (13104/52) 0.13%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            File name:ZtnN5sSpDk.exe
                                            File size:2'981'888 bytes
                                            MD5:5be6145c6351bc7f52ea7ebdf01cbc8f
                                            SHA1:628c39659193e1026864295db18b1049bc904c76
                                            SHA256:5faffbfc993cbdaeb7b5e8f5f95f5510c340667ed5daff4b6f88d1ade8915208
                                            SHA512:278b13b623ba4595657cf2813c7491cd517c1e5a498a2cc4f23be61da252a7333de285dc88fd65b63e21fd8c0eda3e9da0b93581ed0492128aaf8ae923153bd9
                                            SSDEEP:49152:SVHFXSzmqiDqCbm1gickVsPTwuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuD:SVHFXSzmqsegfkVsMuuuuuuuuuuuuuuo
                                            TLSH:38D5AE41F28181B1DD5276B05273D6B54572AEF8A73A80CF61D63F1B3B722E25A33386
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................z.......................z...............#...............................................Rich...................
                                            Icon Hash:c5a684988c94a0c5
                                            Entrypoint:0x4dc300
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:NO_SEH
                                            Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:6cd1955b3508e1b7bae36e00ef841662
                                            Instruction
                                            sub esp, 44h
                                            push esi
                                            call dword ptr [0053D228h]
                                            mov esi, eax
                                            mov al, byte ptr [esi]
                                            cmp al, 22h
                                            call 00007F3C4CE25420h
                                            inc esi
                                            cmp al, 22h
                                            je 00007F3C4CED542Ah
                                            test al, al
                                            jne 00007F3C4CED5416h
                                            cmp al, 22h
                                            jne 00007F3C4CED5438h
                                            inc esi
                                            jmp 00007F3C4CED5435h
                                            cmp al, 20h
                                            jbe 00007F3C4CED5431h
                                            lea esp, dword ptr [esp+00000000h]
                                            mov al, byte ptr [esi+01h]
                                            inc esi
                                            cmp al, 20h
                                            jnbe 00007F3C4CED541Ah
                                            mov al, byte ptr [esi]
                                            test al, al
                                            je 00007F3C4CED5430h
                                            mov edi, edi
                                            cmp al, 20h
                                            jnbe 00007F3C4CED542Ah
                                            mov al, byte ptr [esi+01h]
                                            inc esi
                                            test al, al
                                            jne 00007F3C4CED5416h
                                            lea eax, dword ptr [esp+04h]
                                            push eax
                                            mov dword ptr [esp+34h], 00000000h
                                            call dword ptr [0053D270h]
                                            test byte ptr [esp+30h], 00000001h
                                            movzx eax, word ptr [esp+34h]
                                            jne 00007F3C4CED5427h
                                            mov eax, 0000000Ah
                                            push eax
                                            push esi
                                            push 00000000h
                                            push 00000000h
                                            call dword ptr [0053D224h]
                                            push eax
                                            call 00007F3C4CED5023h
                                            push eax
                                            call dword ptr [0053D220h]
                                            pop esi
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            movzx edx, byte ptr [ecx+0Dh]
                                            xor eax, eax
                                            mov ah, byte ptr [ecx+0Fh]
                                            mov al, byte ptr [ecx+0Ch]
                                            movzx ecx, byte ptr [ecx+0Eh]
                                            shl eax, 08h
                                            or eax, edx
                                            shl eax, 08h
                                            or eax, ecx
                                            ret
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            mov eax, ecx
                                            mov dword ptr [eax], 00000000h
                                            mov dword ptr [eax+04h], 00000000h
                                            ret
                                            push esi
                                            push edi
                                            mov esi, ecx
                                            call dword ptr [0000D518h]
                                            Programming Language:
                                            • [ C ] VS2003 (.NET) build 3077
                                            • [C++] VS2003 (.NET) build 3077
                                            • [RES] VS2003 (.NET) build 3077
                                            • [LNK] VS2003 (.NET) build 3077
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x152e18 | 0x118 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x228000 | 0x1746d4 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x13d000 | 0x598 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x1000 | 0x13bc90 | 0x13c000 | a098c7e84ad5a36a04535e1c3b73e500 | False | 0.5445657078223892 | data | 6.741499573740984 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata | 0x13d000 | 0x17c84 | 0x18000 | 7985ce6b5d14c95b3d11911cc6832e60 | False | 0.5450439453125 | data | 6.199908013459288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data | 0x155000 | 0xd2908 | 0xe000 | 33ed2020b692083bf67c882b0e6ea252 | False | 0.7456926618303571 | data | 7.206453493549018 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rsrc | 0x228000 | 0x1746d4 | 0x175000 | 12a4e18e7916d7ddea717a724fda7332 | False | 0.4497901568783512 | data | 6.806966711150288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                            RT_CURSOR | 0x229a4c | 0x134 | data | English | United States | 0.275974025974026
                                            RT_CURSOR | 0x229b80 | 0xb4 | data | English | United States | 0.6444444444444445
                                            RT_CURSOR | 0x229c34 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.39935064935064934
                                            RT_CURSOR | 0x229d68 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.8944444444444445
                                            RT_CURSOR | 0x229e1c | 0x134 | data | English | United States | 0.12012987012987013
                                            RT_ICON | 0x229f50 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3225609756097561
                                            RT_ICON | 0x22a5b8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.43951612903225806
                                            RT_ICON | 0x22a8a0 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4016393442622951
                                            RT_ICON | 0x22aa88 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.4831081081081081
                                            RT_ICON | 0x22abb0 | 0x35e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9907192575406032
                                            RT_ICON | 0x22e190 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.4584221748400853
                                            RT_ICON | 0x22f038 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.47382671480144406
                                            RT_ICON | 0x22f8e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.45564516129032256
                                            RT_ICON | 0x22ffa8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3504335260115607
                                            RT_ICON | 0x230510 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.1774390243902439
                                            RT_ICON | 0x230b78 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.26344086021505375
                                            RT_ICON | 0x230e60 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.46621621621621623
                                            RT_ICON | 0x230f88 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5335820895522388
                                            RT_ICON | 0x231e30 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.5478339350180506
                                            RT_ICON | 0x2326d8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.41401734104046245
                                            RT_ICON | 0x232c40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.34865145228215766
                                            RT_ICON | 0x2351e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.36538461538461536
                                            RT_ICON | 0x236290 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6462765957446809
                                            RT_ICON | 0x2366f8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.27987804878048783
                                            RT_ICON | 0x236d60 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.40860215053763443
                                            RT_ICON | 0x237048 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.47540983606557374
                                            RT_ICON | 0x237230 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.5506756756756757
                                            RT_ICON | 0x237358 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.4650852878464819
                                            RT_ICON | 0x238200 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.677797833935018
                                            RT_ICON | 0x238aa8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.7534562211981567
                                            RT_ICON | 0x239170 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.8034682080924855
                                            RT_ICON | 0x2396d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.32676348547717843
                                            RT_ICON | 0x23bc80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.4547373358348968
                                            RT_ICON | 0x23cd28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.5823770491803278
                                            RT_ICON | 0x23d6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.600177304964539
                                            RT_ICON | 0x23db18 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.07868508221933042
                                            RT_ICON | 0x24e340 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.15114568005045195
                                            RT_ICON | 0x2577e8 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.1543233082706767
                                            RT_ICON | 0x25dfd0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.175184842883549
                                            RT_ICON | 0x263458 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.15948275862068967
                                            RT_ICON | 0x267680 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.24107883817427386
                                            RT_ICON | 0x269c28 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2678236397748593
                                            RT_ICON | 0x26acd0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.37459016393442623
                                            RT_ICON | 0x26b658 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.42819148936170215
                                            RT_ICON | 0x26bac0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 |  |  | 0.3225609756097561
                                            RT_ICON | 0x26c128 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 |  |  | 0.43951612903225806
                                            RT_ICON | 0x26c410 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 |  |  | 0.4016393442622951
                                            RT_ICON | 0x26c5f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 |  |  | 0.4831081081081081
                                            RT_ICON | 0x26c720 | 0x35e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9907192575406032
                                            RT_ICON | 0x26fd00 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors |  |  | 0.4584221748400853
                                            RT_ICON | 0x270ba8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors |  |  | 0.47382671480144406
                                            RT_ICON | 0x271450 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors |  |  | 0.45564516129032256
                                            RT_ICON | 0x271b18 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors |  |  | 0.3504335260115607
                                            RT_ICON | 0x272080 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 |  |  | 0.07868508221933042
                                            RT_ICON | 0x2828a8 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 |  |  | 0.15114568005045195
                                            RT_ICON | 0x28bd50 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 |  |  | 0.1543233082706767
                                            RT_ICON | 0x292538 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 |  |  | 0.175184842883549
                                            RT_ICON | 0x2979c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 |  |  | 0.15948275862068967
                                            RT_ICON | 0x29bbe8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 |  |  | 0.24107883817427386
                                            RT_ICON | 0x29e190 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 |  |  | 0.2678236397748593
                                            RT_ICON | 0x29f238 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 |  |  | 0.37459016393442623
                                            RT_ICON | 0x29fbc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 |  |  | 0.42819148936170215
                                            RT_MENU | 0x2a0028 | 0x280 | data | Chinese | Taiwan | 0.55
                                            RT_MENU | 0x2a02a8 | 0x350 | data | German | Germany | 0.46226415094339623
                                            RT_MENU | 0x2a05f8 | 0x2f2 | data | English | United States | 0.46419098143236076
                                            RT_MENU | 0x2a08ec | 0x34c | data | French | France | 0.45260663507109006
                                            RT_MENU | 0x2a0c38 | 0x356 | data | Italian | Italy | 0.4601873536299766
                                            RT_MENU | 0x2a0f90 | 0x2c0 | data | Japanese | Japan | 0.5539772727272727
                                            RT_MENU | 0x2a1250 | 0x2c4 | data | Korean | North Korea | 0.5706214689265536
                                            RT_MENU | 0x2a1250 | 0x2c4 | data | Korean | South Korea | 0.5706214689265536
                                            RT_MENU | 0x2a1514 | 0x286 | data | Chinese | China | 0.5479876160990712
                                            RT_MENU | 0x2a179c | 0x336 | data |  |  | 0.46228710462287104
                                            RT_MENU | 0x2a1ad4 | 0x116 | data | Chinese | Taiwan | 0.7086330935251799
                                            RT_MENU | 0x2a1bec | 0x20a | data | German | Germany | 0.5268199233716475
                                            RT_MENU | 0x2a1df8 | 0x1d2 | data | English | United States | 0.5343347639484979
                                            RT_MENU | 0x2a1fcc | 0x220 | data | French | France | 0.5055147058823529
                                            RT_MENU | 0x2a21ec | 0x1fe | data | Italian | Italy | 0.515686274509804
                                            RT_MENU | 0x2a23ec | 0x146 | data | Japanese | Japan | 0.7239263803680982
                                            RT_MENU | 0x2a2534 | 0x144 | data | Korean | North Korea | 0.7253086419753086
                                            RT_MENU | 0x2a2534 | 0x144 | data | Korean | South Korea | 0.7253086419753086
                                            RT_MENU | 0x2a2678 | 0x12e | data | Chinese | China | 0.7019867549668874
                                            RT_MENU | 0x2a27a8 | 0x1f4 | data |  |  | 0.536
                                            RT_MENU | 0x2a299c | 0x6a | data | Chinese | Taiwan | 0.7452830188679245
                                            RT_MENU | 0x2a2a08 | 0x9c | data | German | Germany | 0.7115384615384616
                                            RT_MENU | 0x2a2aa4 | 0x70 | data | English | United States | 0.75
                                            RT_MENU | 0x2a2b14 | 0x90 | data | French | France | 0.6805555555555556
                                            RT_MENU | 0x2a2ba4 | 0x88 | data | Italian | Italy | 0.7205882352941176
                                            RT_MENU | 0x2a2c2c | 0x78 | data | Japanese | Japan | 0.75
                                            RT_MENU | 0x2a2ca4 | 0x78 | data | Korean | North Korea | 0.7833333333333333
                                            RT_MENU | 0x2a2ca4 | 0x78 | data | Korean | South Korea | 0.7833333333333333
                                            RT_MENU | 0x2a2d1c | 0x6a | data | Chinese | China | 0.7452830188679245
                                            RT_MENU | 0x2a2d88 | 0x8c | data |  |  | 0.6857142857142857
                                            RT_MENU | 0x2a2e14 | 0x22 | data | Chinese | Taiwan | 1.1764705882352942
                                            RT_MENU | 0x2a2e38 | 0x4a | data | German | Germany | 0.8378378378378378
                                            RT_MENU | 0x2a2e84 | 0x34 | data | English | United States | 1.0
                                            RT_MENU | 0x2a2eb8 | 0x3e | data | French | France | 0.9193548387096774
                                            RT_MENU | 0x2a2ef8 | 0x42 | data | Italian | Italy | 0.9545454545454546
                                            RT_MENU | 0x2a2f3c | 0x28 | data | Japanese | Japan | 1.125
                                            RT_MENU | 0x2a2f64 | 0x24 | data | Korean | North Korea | 1.1944444444444444
                                            RT_MENU | 0x2a2f64 | 0x24 | data | Korean | South Korea | 1.1944444444444444
                                            RT_MENU | 0x2a2f88 | 0x22 | data | Chinese | China | 1.1764705882352942
                                            RT_MENU | 0x2a2fac | 0x3c | data |  |  | 1.0166666666666666
                                            RT_DIALOG | 0x2a2fe8 | 0x1a6 | data | Chinese | Taiwan | 0.5284360189573459
                                            RT_DIALOG | 0x2a3190 | 0x1a6 | data | German | Germany | 0.523696682464455
                                            RT_DIALOG | 0x2a3338 | 0x1a6 | data | English | United States | 0.523696682464455
                                            RT_DIALOG | 0x2a34e0 | 0x1a6 | data | French | France | 0.523696682464455
                                            RT_DIALOG | 0x2a3688 | 0x1a6 | data | Italian | Italy | 0.523696682464455
                                            RT_DIALOG | 0x2a3830 | 0x19e | data | Japanese | Japan | 0.538647342995169
                                            RT_DIALOG | 0x2a39d0 | 0x1a6 | data | Korean | North Korea | 0.5284360189573459
                                            RT_DIALOG | 0x2a39d0 | 0x1a6 | data | Korean | South Korea | 0.5284360189573459
                                            RT_DIALOG | 0x2a3b78 | 0x1a6 | data | Chinese | China | 0.5260663507109005
                                            RT_DIALOG | 0x2a3d20 | 0x1ae | data |  |  | 0.5302325581395348
                                            RT_DIALOG | 0x2a3ed0 | 0x140 | data | Chinese | Taiwan | 0.70625
                                            RT_DIALOG | 0x2a4010 | 0x1d8 | data | German | Germany | 0.5614406779661016
                                            RT_DIALOG | 0x2a41e8 | 0x1ca | data | English | United States | 0.5633187772925764
                                            RT_DIALOG | 0x2a43b4 | 0x1bc | data | French | France | 0.5968468468468469
                                            RT_DIALOG | 0x2a4570 | 0x18c | data | Italian | Italy | 0.6035353535353535
                                            RT_DIALOG | 0x2a46fc | 0x162 | data | Japanese | Japan | 0.7457627118644068
                                            RT_DIALOG | 0x2a4860 | 0x144 | data | Korean | North Korea | 0.7376543209876543
                                            RT_DIALOG | 0x2a4860 | 0x144 | data | Korean | South Korea | 0.7376543209876543
                                            RT_DIALOG | 0x2a49a4 | 0x138 | data | Chinese | China | 0.6987179487179487
                                            RT_DIALOG | 0x2a4adc | 0x1ce | data |  |  | 0.5757575757575758
                                            RT_DIALOG | 0x2a4cac | 0x2ca | data | Chinese | Taiwan | 0.5714285714285714
                                            RT_DIALOG | 0x2a4f78 | 0x4ce | data | German | Germany | 0.4056910569105691
                                            RT_DIALOG | 0x2a5448 | 0x448 | data | English | United States | 0.39507299270072993
                                            RT_DIALOG | 0x2a5890 | 0x4f8 | data | French | France | 0.3977987421383648
                                            RT_DIALOG | 0x2a5d88 | 0x49c | data | Italian | Italy | 0.38813559322033897
                                            RT_DIALOG | 0x2a6224 | 0x34e | data | Japanese | Japan | 0.5721040189125296
                                            RT_DIALOG | 0x2a6574 | 0x32e | data | Korean | North Korea | 0.5675675675675675
                                            RT_DIALOG | 0x2a6574 | 0x32e | data | Korean | South Korea | 0.5675675675675675
                                            RT_DIALOG | 0x2a68a4 | 0x2c2 | data | Chinese | China | 0.5722379603399433
                                            RT_DIALOG | 0x2a6b68 | 0x48e | data |  |  | 0.3936535162950257
                                            RT_STRING | 0x2a6ff8 | 0xee | data | Chinese | Taiwan | 0.5378151260504201
                                            RT_STRING | 0x2a70e8 | 0x10a | data | German | Germany | 0.5225563909774437
                                            RT_STRING | 0x2a71f4 | 0x104 | data | English | United States | 0.5076923076923077
                                            RT_STRING | 0x2a72f8 | 0x116 | data | French | France | 0.5215827338129496
                                            RT_STRING | 0x2a7410 | 0x10c | data | Italian | Italy | 0.5111940298507462
                                            RT_STRING | 0x2a751c | 0xfc | data | Japanese | Japan | 0.5674603174603174
                                            RT_STRING | 0x2a7618 | 0xf0 | data | Korean | North Korea | 0.5625
                                            RT_STRING | 0x2a7618 | 0xf0 | data | Korean | South Korea | 0.5625
                                            RT_STRING | 0x2a7708 | 0xee | data | Chinese | China | 0.542016806722689
                                            RT_STRING | 0x2a77f8 | 0x116 | data |  |  | 0.5179856115107914
                                            RT_STRING | 0x2a7910 | 0xde | Matlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.6891891891891891
                                            RT_STRING | 0x2a79f0 | 0x204 | Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0 | German | Germany | 0.4573643410852713
                                            RT_STRING | 0x2a7bf4 | 0x1aa | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.4624413145539906
                                            RT_STRING | 0x2a7da0 | 0x20a | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | French | France | 0.4521072796934866
                                            RT_STRING | 0x2a7fac | 0x1ac | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | Italian | Italy | 0.4532710280373832
                                            RT_STRING | 0x2a8158 | 0x116 | Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0 | Japanese | Japan | 0.6438848920863309
                                            RT_STRING | 0x2a8270 | 0x100 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Korean | North Korea | 0.796875
                                            RT_STRING | 0x2a8270 | 0x100 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Korean | South Korea | 0.796875
                                            RT_STRING | 0x2a8370 | 0xe0 | Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0 | Chinese | China | 0.6696428571428571
                                            RT_STRING | 0x2a8450 | 0x1a8 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 |  |  | 0.5070754716981132
                                            RT_STRING | 0x2a85f8 | 0x56 | Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.5348837209302325
                                            RT_STRING | 0x2a8650 | 0x110 | Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0 | German | Germany | 0.41544117647058826
                                            RT_STRING | 0x2a8760 | 0xca | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | English | United States | 0.45544554455445546
                                            RT_STRING | 0x2a882c | 0x106 | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | French | France | 0.44274809160305345
                                            RT_STRING | 0x2a8934 | 0xfa | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | Italian | Italy | 0.384
                                            RT_STRING | 0x2a8a30 | 0x8e | Matlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0 | Japanese | Japan | 0.5
                                            RT_STRING | 0x2a8ac0 | 0x7c | data | Korean | North Korea | 0.6290322580645161
                                            RT_STRING | 0x2a8ac0 | 0x7c | data | Korean | South Korea | 0.6290322580645161
                                            RT_STRING | 0x2a8b3c | 0x5c | Matlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0 | Chinese | China | 0.4891304347826087
                                            RT_STRING | 0x2a8b98 | 0x138 | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 |  |  | 0.4166666666666667
                                            RT_STRING | 0x2a8cd0 | 0x52 | data | Chinese | Taiwan | 0.8536585365853658
                                            RT_STRING | 0x2a8d24 | 0xaa | data | German | Germany | 0.6
                                            RT_STRING | 0x2a8dd0 | 0x98 | data | English | United States | 0.6052631578947368
                                            RT_STRING | 0x2a8e68 | 0xd6 | data | French | France | 0.5373831775700935
                                            RT_STRING | 0x2a8f40 | 0xaa | data | Italian | Italy | 0.5764705882352941
                                            RT_STRING | 0x2a8fec | 0x70 | data | Japanese | Japan | 0.7857142857142857
                                            RT_STRING | 0x2a905c | 0x58 | data | Korean | North Korea | 0.8977272727272727
                                            RT_STRING | 0x2a905c | 0x58 | data | Korean | South Korea | 0.8977272727272727
                                            RT_STRING | 0x2a90b4 | 0x52 | data | Chinese | China | 0.8048780487804879
                                            RT_STRING | 0x2a9108 | 0xc8 | data |  |  | 0.54
                                            RT_ACCELERATOR | 0x2a91d0 | 0x80 | data | English | United States | 0.6875
                                            RT_GROUP_CURSOR | 0x2a9250 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822
                                            RT_GROUP_CURSOR | 0x2a9274 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0
                                            RT_GROUP_CURSOR | 0x2a9298 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                                            RT_GROUP_ICON | 0x2a92ac | 0x126 | data |  |  | 0.5544217687074829
                                            RT_GROUP_ICON | 0x2a93d4 | 0x102 | data | English | United States | 0.6046511627906976
                                            RT_GROUP_ICON | 0x2a94d8 | 0xae | data | English | United States | 0.6206896551724138
                                            RT_GROUP_ICON | 0x2a9588 | 0x84 | data | English | United States | 0.6363636363636364
                                            RT_VERSION | 0x2a960c | 0x3c4 | data | English | United States | 0.4221991701244813
                                            RT_DLGINCLUDE | 0x2a99d0 | 0x6dc36 | PC bitmap, Windows 3.x format, 56755 x 2 x 45, image size 449690, cbSize 449590, bits offset 54 |  |  | 0.699535132009164
                                            RT_ANIICON | 0x317608 | 0xe52e | PC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 54 |  |  | 0.3828532469746037
                                            RT_ANIICON | 0x325b38 | 0xadb5 | PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 54 |  |  | 0.3292181069958848
                                            RT_ANIICON | 0x3308f0 | 0xc408 | PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 54 |  |  | 0.3397895743663319
                                            RT_ANIICON | 0x33ccf8 | 0x3251c | PC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 54 |  |  | 0.4970597938944631
                                            RT_ANIICON | 0x36f214 | 0x2d4bf | PC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 54 |  |  | 0.4973832430538712
DLL | Import
WSOCK32.dll | setsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
WININET.dll | HttpQueryInfoA
CRYPT32.dll | CertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
WINMM.dll | waveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
KERNEL32.dll | GetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
USER32.dll | GetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
GDI32.dll | GetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
comdlg32.dll | GetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
ADVAPI32.dll | RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
SHELL32.dll | DragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
ole32.dll | CoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Chinese | Taiwan |
German | Germany |
French | France |
Italian | Italy |
Japanese | Japan |
Korean | North Korea |
Korean | South Korea |
Chinese | China |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-04T14:47:59.108471+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.37.175.232 | 7716 | 192.168.2.6 | 49737 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Dec 4, 2024 14:48:00.495970011 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.496011972 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.496162891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.498130083 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.498195887 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.598119020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.598875046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.598942041 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.600491047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.600502014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.600549936 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.604242086 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.604254007 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.604321003 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.607484102 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.608298063 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.608350992 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.612425089 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.612937927 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.613048077 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.615663052 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.615674973 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.615721941 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.618439913 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.619190931 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.619246960 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.622339964 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.622350931 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.622406960 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.626789093 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.627482891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.627545118 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.630511999 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.630530119 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.630573988 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.632766008 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.632776976 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.632833004 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.633547068 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.633559942 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.633610010 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.634278059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.634290934 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.634313107 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.634356976 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.635245085 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.635256052 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.635309935 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.635967970 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.635979891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.636012077 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.636559010 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.636590958 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.636599064 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.637310982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.637322903 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.637356997 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.638009071 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.638020992 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.638031006 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.638063908 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.638088942 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.638732910 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.638760090 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.638798952 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.639501095 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.639512062 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.639548063 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.640250921 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.640261889 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.640300989 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.641000986 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.641012907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.641024113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.641043901 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.641714096 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.641755104 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.642076969 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.642087936 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.642117023 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.642745972 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.642756939 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.642796993 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.643987894 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.644242048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.644282103 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.645814896 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.645972013 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.646015882 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.647519112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.647691965 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.647728920 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.649342060 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.649521112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.649569035 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.651199102 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.651442051 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.651477098 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.653417110 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.653567076 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.653604984 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.655169964 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.655322075 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.655370951 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.657040119 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.657120943 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.657174110 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.658644915 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.658785105 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.658821106 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.660226107 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.660378933 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.660414934 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.661967993 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.662102938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.663575888 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.663746119 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.665374041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.665551901 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.665570974 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.665606976 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.667129040 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.667309046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.667346954 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.668945074 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.669173956 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.669209957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.670727015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.670891047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.670937061 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.672496080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.672755957 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.672794104 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.674230099 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.674459934 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.674495935 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.676045895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.676218987 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.676254988 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.677829027 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.678025007 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.678066969 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.679598093 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.679783106 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.679826975 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.681436062 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.681593895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.681636095 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.683152914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.683367014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.683403969 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.684947014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.685125113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.685159922 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.686876059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.687062025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.687108994 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.688512087 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.688788891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.688827038 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.690284967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.690412998 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.690473080 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.792517900 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.793142080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.793199062 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.793751001 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.793762922 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.793807983 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.797252893 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.798037052 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.798090935 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.800148964 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.800168991 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.800220013 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.802098989 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.802112103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.802174091 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.804852962 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.805407047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.805450916 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.806598902 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.806610107 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.806657076 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.809473038 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.810070992 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.810142994 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.811521053 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.811532021 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.811593056 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.813965082 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.813977003 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.814039946 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.816869020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.817514896 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.817565918 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.819077015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.819088936 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.819134951 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.822040081 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.822761059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.822801113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.824657917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.824671030 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.824712992 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.826194048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.826937914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.826975107 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.828433990 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.828448057 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.828464031 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.828493118 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.829171896 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.829185009 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.829220057 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.829911947 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.829940081 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.829957008 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.830694914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.830708027 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.830734015 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.831407070 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.831443071 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.831443071 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.832190037 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.832210064 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.832217932 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.832230091 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.832257032 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.832952023 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.832964897 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.833000898 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.833688974 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.833700895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.833739996 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.834453106 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.834464073 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.834552050 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.835573912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.835586071 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.835628986 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.836173058 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.836184025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.836194038 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.836236000 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:00.836848974 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.836860895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:00.836899042 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.221486092 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.222141027 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.222160101 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.222182035 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.222989082 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.223011017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.223022938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.223030090 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.223063946 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.223726988 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.223745108 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.223781109 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.224632978 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.224644899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.224694014 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.225457907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.225469112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.225512028 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.226361990 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.226373911 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.226382971 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.226408958 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.227153063 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.227164030 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.227205038 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.227973938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.227986097 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.228010893 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.228605986 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.228619099 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.228656054 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.229454041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.229465961 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.229497910 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.230176926 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.230187893 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.230199099 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.230221987 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.230241060 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.230998039 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.231009960 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.231057882 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.231640100 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.231659889 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.231697083 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.232570887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.232582092 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.232614994 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.233640909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.233654022 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.233664989 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.233696938 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.234493017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.234529018 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.234539032 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.235466957 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.235485077 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.235503912 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.236242056 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.236253977 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.236277103 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.237159967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.237169981 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.237195969 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.238131046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.238142014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.238151073 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.238178015 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.238204956 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.238914013 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.238924980 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.238955975 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.239675045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.239694118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.239737034 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.240339994 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.368063927 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.368330002 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.368814945 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.370353937 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.370409966 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.371083975 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.372926950 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.372941971 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.372980118 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.374102116 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.374115944 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.374162912 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.376616955 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.376629114 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.376671076 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.378200054 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.378257036 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.378771067 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.381911039 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.381923914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.381964922 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.383856058 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.383867979 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.383908987 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.385484934 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.385539055 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.386147976 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.387690067 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.387702942 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.387746096 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.389982939 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.389996052 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.390045881 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.391434908 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.391484976 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.392194986 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.393641949 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.393651962 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.393693924 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.397445917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.397460938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.397494078 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.399610996 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.399629116 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.399688005 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.401398897 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.401458025 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.402482033 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.403780937 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.403841019 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.404509068 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.405810118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.405828953 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.405862093 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.407284021 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.407324076 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.408205032 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.408217907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.408231020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.408257961 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.408958912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.408977985 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.409032106 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.409796000 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.409805059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.409845114 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.410542965 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.410554886 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.410598993 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.411127090 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.411139011 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.411168098 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.411766052 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.411777020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.411787987 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.411811113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.411832094 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.412326097 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.412336111 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.412381887 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.413017988 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.413029909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.413060904 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.413903952 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.413932085 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.413983107 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.414573908 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.414592028 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.414628029 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.415513039 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.415532112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.415543079 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.415568113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.416388988 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.416400909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.416429996 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.417134047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.417151928 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.417171955 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.418051958 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.418065071 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.418090105 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.418909073 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.418927908 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.418947935 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.419765949 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.419780016 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.419791937 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.419802904 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.419828892 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.420530081 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.420555115 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.420593977 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.421396017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.421407938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.421468973 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.422079086 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.422092915 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.422137976 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.422805071 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.422817945 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.422835112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.422859907 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.423610926 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.423624992 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.423651934 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.424298048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.424310923 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.424339056 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.425107002 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.425120115 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.425153971 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.425777912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.425791979 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.425820112 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.426295042 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.426307917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.426320076 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.426337004 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.426358938 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.427206039 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.427218914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.427269936 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.428030968 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.428050041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.428085089 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.428708076 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.428719997 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.428755045 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.429249048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.429269075 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.429281950 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.429306030 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.429984093 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.429996967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.430030107 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.430629015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.430641890 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.430651903 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.430671930 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.430691957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.560810089 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.561533928 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.561549902 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.561638117 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.562300920 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.562355995 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.563787937 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.563805103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.563848972 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.566867113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.567558050 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.951401949 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.951476097 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.953650951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.953665018 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.953710079 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.955163002 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.955230951 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.955895901 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.957500935 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.957519054 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.957545996 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.959799051 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.959811926 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.959853888 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.962738991 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.962779999 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.963427067 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.965006113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.965018988 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.965053082 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.967197895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.967210054 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.967240095 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.968801975 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.968858957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.969454050 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.970961094 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.970973015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.971005917 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.973217010 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.973229885 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.973262072 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.974762917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.974853992 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.975451946 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.978200912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.978269100 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.978914022 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.980393887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.980453014 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.981153011 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.982722998 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.982743025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.982784986 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.984790087 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.984802961 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.984834909 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.988133907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988148928 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988159895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988172054 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988181114 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.988184929 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988198996 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.988202095 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988248110 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.988631010 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988643885 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.988704920 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.989485025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.989501953 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.989562988 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.990323067 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.990335941 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.990348101 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.990377903 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.990413904 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.991023064 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.991053104 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.991173029 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.991906881 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.992609978 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.992621899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.992670059 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.993479967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.993493080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.993544102 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.994312048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.994486094 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.994508982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.994541883 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.994560957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.995206118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.995246887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.995301962 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.995712996 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.995727062 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.995774984 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.996411085 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.996423960 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.996436119 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.996469021 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.997221947 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.997271061 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.997400045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.998006105 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.998018026 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.998059034 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.998723984 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.998738050 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.998773098 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.999424934 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.999439955 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.999449968 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:01.999514103 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:01.999546051 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.000123978 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.000279903 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.000329971 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.000833035 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.000998020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.001036882 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.001490116 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.001645088 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.002154112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.002165079 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.002201080 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.002222061 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.003184080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.003196001 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.003206968 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.003245115 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.003952980 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.004007101 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.004137993 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.004858017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.004869938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.004895926 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.005413055 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.005426884 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.005458117 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.006119967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.006136894 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.006150007 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.006161928 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.006196976 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.007050991 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.007062912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.007107973 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.007725954 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.007750034 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.008733034 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.008744955 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.008780956 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.008811951 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.009428024 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.009440899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.009479046 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.010155916 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.010166883 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.010219097 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.138119936 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.138137102 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.138147116 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.138279915 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.138967037 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.139014006 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.140392065 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.141141891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.141204119 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.143368959 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.144305944 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.144367933 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.145656109 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.145687103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.145742893 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.147950888 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.147962093 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.148036957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.149393082 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.150166988 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.150228977 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.151664972 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.151678085 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.151717901 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.154942989 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.155550003 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.155616045 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.157244921 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.157946110 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.158005953 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.159353971 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.159364939 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.159435987 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.161499977 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.161513090 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.161569118 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.163028955 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.163844109 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.163893938 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.165198088 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.165210009 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.165251017 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.167115927 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.167841911 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.167901039 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.170813084 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.170831919 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.170892000 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.172499895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.173253059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.174599886 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.174611092 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.174650908 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.174670935 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.176134109 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.176845074 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.176863909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.176907063 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.177611113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.177644014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.177654982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.177695990 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.177716970 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.178364038 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.178376913 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.178420067 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.179243088 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.179255962 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.179299116 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.179878950 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.179891109 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.179935932 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.180686951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.180701017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.180748940 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.181364059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.181377888 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.181387901 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.181425095 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.182204008 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.182216883 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.182261944 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.183006048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.183017969 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.183053970 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.183660030 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.183671951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.183708906 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.184377909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.184396982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.184407949 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.184448957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.184459925 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.185185909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.185197115 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.185246944 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.185877085 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.571739912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.571784019 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.572415113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.572442055 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.572488070 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.573287010 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.573302984 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.573345900 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.573973894 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.573999882 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.574073076 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.574721098 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.574736118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.574752092 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.574784994 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.575489998 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.575505972 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.575546980 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.576216936 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.576236010 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.576284885 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.577014923 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.577028990 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.577068090 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.577780008 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.577795982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.577812910 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.577838898 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.577852964 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.578536034 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.578573942 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.578618050 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.579294920 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.579310894 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.579360962 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.580056906 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.580073118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.580104113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.580723047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.580739975 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.580786943 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.581604958 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.581619024 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.581631899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.581665993 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.582379103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.582393885 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.582425117 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.583053112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.583076000 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.583091974 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.583792925 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.583806992 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.583837986 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.584546089 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.584568024 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.584574938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.584608078 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.584639072 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.585299015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.585314035 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.585325956 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.585352898 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.641401052 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.714890957 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.714921951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.714987993 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.715684891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.715706110 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.715789080 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.718692064 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.719600916 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.719674110 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.720314980 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.721165895 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.721291065 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.723772049 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.723788977 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.723838091 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.726658106 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.726672888 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.726711035 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.728075027 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.728755951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.728815079 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.730463982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.730484962 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.730530024 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.732672930 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.732695103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.732739925 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.734117031 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.734872103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.734919071 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.736066103 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.736079931 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.736119986 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.738284111 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.738303900 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.738347054 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.741597891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.742242098 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.743961096 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.743980885 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.744016886 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.744031906 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.745781898 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.746370077 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.746423960 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.747837067 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.747852087 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.747905970 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.749917030 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.749946117 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.749994040 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.751424074 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.752258062 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.753273964 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.753670931 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.753684998 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.753722906 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.754380941 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.754395962 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.755156040 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.755170107 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.755198956 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.755224943 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.756057024 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.756079912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.756120920 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.757050037 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.757062912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.757113934 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.758096933 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.758111000 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.758133888 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.758156061 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.758770943 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.758786917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.758836985 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.759452105 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.759466887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.759521961 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.760126114 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.760150909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.760170937 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.761035919 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.761051893 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.761065006 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.761099100 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.761136055 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.761666059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.761989117 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.762002945 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.762032032 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.762665033 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.762701035 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.762748957 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.763478041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.763513088 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.763560057 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.764225006 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.764244080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.764288902 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.764905930 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.764923096 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.764936924 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.764950037 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.764980078 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.765645981 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.765671015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.765717030 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.766479969 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.766494989 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.767193079 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.767216921 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.767237902 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.767261028 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.768028021 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.768043041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.768076897 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.768575907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.768594027 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.768634081 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.769062996 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.769085884 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.769099951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.769121885 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.769948006 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.769962072 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.770001888 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.770714045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.770730019 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.770771027 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.771338940 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.771361113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.771379948 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.772083044 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.772097111 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.772140026 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.772798061 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.772813082 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.772820950 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.772891045 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.773583889 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.773597956 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.773642063 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.774352074 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.774365902 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.774414062 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.775073051 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.775089025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.775132895 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.775912046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.775933981 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.775948048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.775994062 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.776602030 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.776618004 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.776659012 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.777288914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.777303934 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.777348042 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.824599981 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.824656963 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.907511950 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.907526970 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.907655001 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.908119917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.908143044 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.908183098 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.909899950 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.910550117 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.910604000 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.912477016 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.912489891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.912538052 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.914710045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.914725065 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.914787054 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.915690899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.916098118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.916143894 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.918942928 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.918957949 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.919004917 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:02.921196938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:02.921211958 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.304168940 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.304852009 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.304912090 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.306602955 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.306617022 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.306663990 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.308733940 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.308749914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.308918953 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.310219049 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.310966015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.311021090 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.312477112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.313416958 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.313462019 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.314848900 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.314862013 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.314940929 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.317854881 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.318602085 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.318986893 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.320141077 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.320154905 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.320199966 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.322228909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.322992086 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.323051929 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.324636936 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.324659109 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.324726105 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.326734066 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.326746941 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.326777935 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.328000069 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.328584909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.328733921 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.330132008 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.330147028 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.330189943 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.330934048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.330948114 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.330987930 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.331629992 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.331646919 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.331684113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.332442999 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.332458019 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.332518101 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.333146095 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.333163977 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.333205938 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.333869934 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.333883047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.333925962 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.334575891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.334589005 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.334599972 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.334625959 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.335345030 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.335356951 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.335400105 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.336146116 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.336158991 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.336199045 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.337034941 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.337047100 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.337089062 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.337568045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.337604046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.337630987 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.338361025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.338373899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.338383913 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.338404894 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.338429928 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.339132071 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.339904070 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.339915991 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.339989901 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.340627909 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.340640068 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.340671062 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.341448069 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.341466904 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.341480970 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.341496944 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.341510057 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.342160940 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.342180014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.342235088 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.342880964 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.342892885 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.342941046 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.343657017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.343668938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.343708992 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.344388962 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.344403028 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.344474077 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.345139980 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.345153093 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.345164061 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.345205069 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.345890999 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.345904112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.345942020 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.346653938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.346664906 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.346708059 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.347429037 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.347441912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.347472906 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.348432064 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.348449945 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.348462105 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.348486900 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.348536015 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.349275112 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.349287987 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.349344969 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.350035906 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.350049019 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.350089073 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.350883961 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.350894928 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.350941896 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.351579905 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.351593018 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.351643085 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.352329016 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.352343082 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.352354050 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.352406025 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.353003025 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.353025913 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.353044987 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.353765965 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.353779078 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.353815079 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.354396105 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.354408026 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.354446888 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.482825041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.483443975 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.483527899 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.484958887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.484971046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.485030890 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.485727072 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.487231016 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.487251997 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.487318993 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.489468098 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.489480972 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.489545107 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.492489100 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.492501974 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.492577076 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.494024038 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.494776011 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.494832039 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.496244907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.496299982 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.497014046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.498511076 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.498524904 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.498579025 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.501061916 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.501082897 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.501146078 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.502285957 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.503072977 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.503138065 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.506036043 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.506051064 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.506100893 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.507586002 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.507647038 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.508296967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.509826899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.509875059 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.510548115 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.512049913 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.512079000 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.512104988 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.514025927 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.514046907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.514074087 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.516182899 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.516208887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.516238928 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.517713070 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.517805099 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.518444061 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.521460056 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.521477938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.521513939 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.523030996 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.523077011 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.523734093 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.523749113 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.523760080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.523802042 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.524451017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.524467945 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.524545908 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.525183916 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.525212049 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.525235891 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.525269985 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.525969982 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.525995970 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.526029110 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.526751041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.526767969 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.526812077 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.527503014 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.527518034 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.527529955 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.527549028 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.527575016 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.528261900 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.528280020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.528331995 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.529088020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.529103041 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.529154062 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.529747963 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.529763937 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.529815912 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.530457973 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.530846119 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.530860901 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.530872107 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.530900002 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.530920029 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.531618118 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.531632900 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.531718016 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.532392979 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.532407999 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.532454967 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.533107996 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.533134937 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.533288956 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.533859015 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.533900976 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.533947945 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.918720961 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.918761015 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.919466972 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.919478893 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.919488907 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.919516087 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.920069933 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.920083046 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.920106888 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.920800924 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.920821905 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.920851946 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.921473980 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.921488047 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.921529055 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.922234058 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.922247887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.922293901 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.922980070 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.922992945 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.923003912 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.923021078 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.923044920 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.923764944 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.923784971 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.923854113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.924622059 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.924635887 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.924690008 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.925220966 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.925240993 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.925293922 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.926028967 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.926042080 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.926100016 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.926778078 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.926791906 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.926806927 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.926848888 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.927536964 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.927551031 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.927591085 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.928344011 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.928356886 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.928400993 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.929009914 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.929022074 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.929083109 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.929837942 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.929881096 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.929893017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.929893970 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.929940939 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:03.930501938 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.930526018 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.930536985 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:03.930561066 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.030884981 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.060780048 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.061568975 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.061583042 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.061636925 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.062334061 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.062386036 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.063746929 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.064608097 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.064654112 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.066024065 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.066036940 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.066114902 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.069535017 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.069550991 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.069607019 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.070691109 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.070715904 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.070766926 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.073540926 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.074331045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.074512005 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.075855970 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.075870037 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.075934887 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.078108072 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.078125000 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.078172922 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.079608917 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.080322981 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.080475092 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.081861019 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.082554102 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.082607031 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.084110975 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.084134102 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.084184885 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.086402893 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.086419106 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.086471081 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.089365959 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.089380026 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.089447021 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.091284990 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.091970921 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.093310118 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.093430042 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.093458891 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.095731020 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.095760107 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.095793009 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.095824003 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.097270966 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.098057032 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.098120928 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.099781990 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.099797010 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.099853039 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.100421906 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.100435019 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.100491047 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.101015091 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.101027966 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.101064920 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.101805925 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.101824045 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.101874113 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.102535009 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.102549076 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.102591038 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.103293896 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.103351116 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.104006052 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.104021072 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.104032040 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.104062080 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.104089022 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.104954958 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.104970932 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.104983091 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.105026007 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.105041981 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.105535984 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.105600119 CET497377716192.168.2.6104.37.175.232
                                            Dec 4, 2024 14:48:04.225363970 CET771649737104.37.175.232192.168.2.6
                                            Dec 4, 2024 14:48:04.225382090 CET771649737104.37.175.232192.168.2.6

                                            Click to jump to process

                                            Click to jump to process

                                            Click to dive into process behavior distribution

                                            Click to jump to process

                                            Target ID:0
                                            Start time:08:47:35
                                            Start date:04/12/2024
                                            Path:C:\Users\user\Desktop\ZtnN5sSpDk.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\ZtnN5sSpDk.exe"
                                            Imagebase:0x400000
                                            File size:2'981'888 bytes
                                            MD5 hash:5BE6145C6351BC7F52EA7EBDF01CBC8F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:08:47:52
                                            Start date:04/12/2024
                                            Path:C:\Users\user\Desktop\ZtnN5sSpDk.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\ZtnN5sSpDk.exe"
                                            Imagebase:0x400000
                                            File size:2'981'888 bytes
                                            MD5 hash:5BE6145C6351BC7F52EA7EBDF01CBC8F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.2303401516.0000000000970000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2305879583.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2306139848.0000000003150000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.2312794430.0000000000C40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:4
                                            Start time:08:47:54
                                            Start date:04/12/2024
                                            Path:C:\Windows\SysWOW64\svchost.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\svchost.exe"
                                            Imagebase:0x520000
                                            File size:46'504 bytes
                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.2307024843.0000000002B00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.2312327470.0000000004C50000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.2312063827.0000000004A30000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.2402466698.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:high
                                            Has exited:true

                                            Target ID:7
                                            Start time:08:47:54
                                            Start date:04/12/2024
                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 408
                                            Imagebase:0xd30000
                                            File size:483'680 bytes
                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:9
                                            Start time:08:48:03
                                            Start date:04/12/2024
                                            Path:C:\Windows\System32\fontdrvhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                            Imagebase:0x7ff7d9200000
                                            File size:827'408 bytes
                                            MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate
                                            Has exited:true

                                            Target ID:11
                                            Start time:08:48:06
                                            Start date:04/12/2024
                                            Path:C:\Windows\System32\WerFault.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 1924 -s 4
                                            Imagebase:0x7ff746110000
                                            File size:570'736 bytes
                                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true


                                              Execution Graph

                                              Execution Coverage:0%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:7.8%
                                              Total number of Nodes:51
                                              Total number of Limit Nodes:0

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                              APIs
                                              • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-399585960
                                              • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                              • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                              • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                              • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                              APIs
                                              • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                              • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                              • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                              • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CommandLine
                                              • String ID:
                                              • API String ID: 3253501508-0
                                              • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                              • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                              • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                              • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                              • API String ID: 0-3677570488
                                              • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                              • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 706 4d9b2e-4d9b3f call 52b380 700->706 707 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->707 703 4d9bd0-4d9bd8 701->703 703->703 705 4d9bda-4d9bdb GlobalUnlock 703->705 708 4d9be1-4d9be3 705->708 718 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 706->718 719 4d9b90-4d9ba1 call 439d00 706->719 707->706 711 4d9be9-4d9bf3 OpenClipboard 708->711 712 4d9be5-4d9be7 708->712 711->699 713 4d9bf5-4d9c03 EmptyClipboard 711->713 712->699 712->711 716 4d9c0a-4d9c0c 713->716 717 4d9c05-4d9c08 SetClipboardData 713->717 720 4d9c0e-4d9c11 SetClipboardData 716->720 721 4d9c13 CloseClipboard 716->721 717->716 723 4d9b6d-4d9b70 GlobalLock 718->723 724 4d9b87-4d9b8d call 439d00 718->724 719->708 720->721 721->699 727 4d9b76-4d9b7e 723->727 724->719 727->727 728 4d9b80-4d9b81 GlobalUnlock 727->728 728->724
                                              APIs
                                              • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                              • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                              • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                              • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                              • EmptyClipboard.USER32 ref: 004D9BF5
                                              • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                              • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                              • CloseClipboard.USER32 ref: 004D9C13
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                              • String ID:
                                              • API String ID: 3392129136-0
                                              • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                              • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                              • API String ID: 0-590896439
                                              • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                              • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                              • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                              • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                              • API String ID: 0-188115620
                                              • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                              • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                              • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                              • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                              APIs
                                              • OpenClipboard.USER32(00000000), ref: 004D9C27
                                              • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                              • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                              • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                              • CloseClipboard.USER32 ref: 004D9C56
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Clipboard$Data$CloseOpen
                                              • String ID:
                                              • API String ID: 464010812-0
                                              • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                              • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $K$gfff$gfff$gfff
                                              • API String ID: 0-1048959944
                                              • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                              • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                              • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                              • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                              APIs
                                              • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                              • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                              • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                              • String ID:
                                              • API String ID: 4094687451-0
                                              • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                              • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                              • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                              • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-227171996
                                              • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                              • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                              • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                              • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                              APIs
                                              • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                              • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Time$InformationSystemZone
                                              • String ID:
                                              • API String ID: 702727434-0
                                              • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                              • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                              • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                              • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                              APIs
                                              • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Heap$AllocProcess
                                              • String ID:
                                              • API String ID: 1617791916-0
                                              • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                              • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                              • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                              • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: R
                                              • API String ID: 0-1968290334
                                              • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                              • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                              • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                              • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                              APIs
                                              • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7734E820), ref: 004F9365
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CreateInstance
                                              • String ID:
                                              • API String ID: 542301482-0
                                              • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                              • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                              • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                              • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Version
                                              • String ID:
                                              • API String ID: 1889659487-0

                                              Control-flow Graph

                                              APIs
                                              • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                              • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                              • API String ID: 2978645861-761530088
                                              • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                              • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                              Control-flow Graph

                                              [Control-flow graph rendering not preserved. API calls labelled on its nodes: DestroyWindow, GetModuleFileNameA, CreateProcessA, GetMenu.]
                                              APIs
                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: DestroyWindow
                                              • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                              • API String ID: 3375834691-1928458085
                                              • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                              • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                              Control-flow Graph

                                              APIs
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                              • GetWindowRect.USER32(?,?), ref: 004DB531
                                              • GetClientRect.USER32(?,?), ref: 004DB541
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                              • GetMenu.USER32(?), ref: 004DB581
                                              • SetMenu.USER32(?,00000000), ref: 004DB596
                                              • GetDesktopWindow.USER32 ref: 004DB5B0
                                              • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                              • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                              • GetClientRect.USER32(?,?), ref: 004DB6B7
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                              • String ID:
                                              • API String ID: 3087884050-0
                                              • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                              • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                              Control-flow Graph

                                              APIs
                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                              • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                              • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: OpenQueryValue$CloseVersion
                                              • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                              • API String ID: 3944000476-502054578
                                              • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                              • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                              Control-flow Graph

                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                              • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2342423441.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2342715994.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2342750133.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2342750133.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2342802590.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2343730463.00000000006A9000.00000040.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2343856794.000000000071B000.00000080.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2343914433.000000000071F000.00000040.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2343936171.000000000072A000.00000080.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2343951026.000000000072D000.00000040.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2344416561.0000000000735000.00000080.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2344437344.0000000000738000.00000040.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2344455208.000000000073E000.00000080.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2344472721.0000000000743000.00000040.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2344532317.0000000000770000.00000080.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2344556160.0000000000774000.00000040.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                              • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                              APIs
                                              • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                              • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                              • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                              • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                              • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                              • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CapsDevice$Start
                                              • String ID: portrait
                                              • API String ID: 1738886688-2504013051
                                              • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                              • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                              • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter$Timetime
                                              • String ID:
                                              • API String ID: 4022644143-0
                                              • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                              • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                              • timeGetTime.WINMM ref: 004F2A25
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                              • timeGetTime.WINMM(?), ref: 004F2A46
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$LeaveTimetime$Enter
                                              • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                              • API String ID: 2943255653-4242577526
                                              • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                              • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                              • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                              • timeGetTime.WINMM ref: 004011C5
                                              • timeGetTime.WINMM ref: 004011D5
                                              • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                              • timeGetTime.WINMM ref: 0040123E
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeaveTimetime
                                              • String ID:
                                              • API String ID: 3486229058-0
                                              • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                              • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                              APIs
                                              • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: ExchangeInterlocked
                                              • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                              • API String ID: 367298776-2876428247
                                              • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                              • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Enter$Leave
                                              • String ID:
                                              • API String ID: 2801635615-0
                                              • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                              • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                              • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                              • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                              • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                              • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                              • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: gethostbynamehtonlhtonsinet_addr
                                              • String ID: localhost
                                              • API String ID: 4009071410-2663516195
                                              • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                              • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                              • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                              • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                              APIs
                                              • timeGetTime.WINMM(00000000), ref: 004145E1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Timetime
                                              • String ID: gfff$gfff$gfff$gfff
                                              • API String ID: 17336451-2178600047
                                              • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                              • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                              • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                              • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                              APIs
                                              • timeKillEvent.WINMM(?), ref: 004D8B13
                                              • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                              • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                              • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                              • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                              • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                              • String ID:
                                              • API String ID: 3030913982-0
                                              • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                              • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                              • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                              • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                              APIs
                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                              • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                              • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: \\?\
                                              • API String ID: 823142352-4282027825
                                              • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                              • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                              • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                              • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7734E820,?,004DD732), ref: 004FA76A
                                                • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                              • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                              • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                              • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                              APIs
                                              • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                              • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Window$Long$Create
                                              • String ID: Dummy$STATIC
                                              • API String ID: 1733017098-132613206
                                              • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                              • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                              • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                              • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                              • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                              • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                              • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                              • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                              APIs
                                              • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                              • timeGetTime.WINMM(?,?), ref: 004F2792
                                              • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Timetime$CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 1404962471-0
                                              • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                              • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                              APIs
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                              • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                              • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                              • __aulldiv.LIBCMT ref: 0052947B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                              • String ID:
                                              • API String ID: 1430435781-0
                                              • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                              • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                              • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                              APIs
                                              • CreateSolidBrush.GDI32(?), ref: 004D802E
                                              • SelectObject.GDI32(?,00000000), ref: 004D8044
                                              • FillRect.USER32(?,?,00000000), ref: 004D8067
                                              • SelectObject.GDI32(?,00000000), ref: 004D8075
                                              • DeleteObject.GDI32(00000000), ref: 004D8078
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                              • String ID:
                                              • API String ID: 3777265051-0
                                              • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                              • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                              • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                              • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Delete$EnterLeave
                                              • String ID:
                                              • API String ID: 3104255891-0
                                              • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                              • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                              APIs
                                              • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                              • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: AttributesFile$Version
                                              • String ID: \\?\
                                              • API String ID: 3849939888-4282027825
                                              • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                              • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7734FFB0), ref: 004F9B35
                                                • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                              • String ID: FriendlyName
                                              • API String ID: 904232820-3623505368
                                              • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                              • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                              • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                              • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                              APIs
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                              • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                              • DeleteDC.GDI32(00000000), ref: 004CADFF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Create$CompatibleDeleteObjectSection
                                              • String ID:
                                              • API String ID: 3137390749-0
                                              • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                              • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                              • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                              • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                              APIs
                                              • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                              • String ID:
                                              • API String ID: 188302963-0
                                              • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                              • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                              • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                              • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                              APIs
                                                • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                              • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$Devswave
                                              • String ID: echosuppression$gain
                                              • API String ID: 967401230-1829011300
                                              • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                              • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                              • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                              • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                              APIs
                                                • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                              • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                              • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7734FFB0), ref: 00509F3D
                                              • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                              • SetEvent.KERNEL32 ref: 00509F74
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalInitializeSection$Event$Create
                                              • String ID:
                                              • API String ID: 662013055-0
                                              • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                              • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                              • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                              • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                              APIs
                                              • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CompatibleCreateDirectorySystem
                                              • String ID: Macromed\Flash\
                                              • API String ID: 2606042488-1438515271
                                              • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                              • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                              • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                              • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                              • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                              • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                              • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                              • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                              • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                              • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                              • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                              • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2342525110.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                              • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                              • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                              • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                              • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Virtual$AllocFree
                                              • String ID:
                                              • API String ID: 2087232378-0
                                              • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction ID: 0fc34a67d6a827dc0d7c73ac8cbc6399621bf70b2ed37733089f3a1ac3a5ace5
                                              • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction Fuzzy Hash: 3B717B71E0424AEFDB41CF98C985BEDBBF0BB09314F244096E565F7341D238AA91DB64
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007D9314
                                                • Part of subcall function 007D9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                                • Part of subcall function 007D9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                              • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007D9366
                                              • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007D93C0
                                              • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D93F3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Virtual$Alloc$Free$Protect
                                              • String ID: ,
                                              • API String ID: 1004437363-3772416878
                                              • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                              • Instruction ID: ee00285b848096d9d149dff14d2196b619dd9fb5748accbcb1c1095e45e7ac29
                                              • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                              • Instruction Fuzzy Hash: A351E975900609EFCB20DFA9C885A9EBBF8FF08354F10851AFA59A7241D374E951CBA4
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: __freea$__alloca_probe_16
                                              • String ID:
                                              • API String ID: 3509577899-0
                                              • Opcode ID: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                              • Instruction ID: 081cf3fe198209f33fe3a0b120c8ca826e5becfb798a419be24fc89da9dc40e2
                                              • Opcode Fuzzy Hash: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                              • Instruction Fuzzy Hash: 0251917270020AAAEB219FA0CC49FAB76BAEF84710F15112BFD0596351E778ED1086A0
                                              APIs
                                              • LCMapStringEx.KERNELBASE(?,007D0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007D3D75
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: String
                                              • String ID:
                                              • API String ID: 2568140703-0
                                              • Opcode ID: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                              • Instruction ID: c3c72d564a4f20c8bea0f29fec32ed21c670867db13d8b38512067307f666f9c
                                              • Opcode Fuzzy Hash: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                              • Instruction Fuzzy Hash: 08F0683610025ABBCF125F90DC099DE3F26AB48360B058111BA1969220C73ACA31AFA1
                                              APIs
                                              • VirtualFree.KERNELBASE(?,00000000,?), ref: 007CBFCE
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: FreeVirtual
                                              • String ID:
                                              • API String ID: 1263568516-0
                                              • Opcode ID: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                              • Instruction ID: 9dbe86c5b4215908777a3276febbbed1dde0bcd46da8c6c5dc297dcfcc1c5923
                                              • Opcode Fuzzy Hash: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                              • Instruction Fuzzy Hash: 1631F371900209ABCB10CFA9D881FAEBBF8BF08704F10842DE955A7390D779A9458F94
                                              APIs
                                              • CloseHandle.KERNELBASE(00000000), ref: 007CBCC7
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID:
                                              • API String ID: 2962429428-0
                                              • Opcode ID: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                              • Instruction ID: 8cae220516fcf033456b5b081b1e20611534ce2899c4ed54bab4f52bb7db096b
                                              • Opcode Fuzzy Hash: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                              • Instruction Fuzzy Hash: 61E0EDB6902662BBD3212B209D4AE7B732CEF95701B00842CFD10E6340DF28DC01C6B0
                                              APIs
                                              • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                              • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                              • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                              • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                              • EmptyClipboard.USER32 ref: 004D9BF5
                                              • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                              • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                              • CloseClipboard.USER32 ref: 004D9C13
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                              • String ID:
                                              • API String ID: 3392129136-0
                                              • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                              • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                              • Instruction ID: ca6b49ba8c948b0b2a1321171176cbff8534267d0d71147791947335bfaf874a
                                              • Opcode Fuzzy Hash: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                              • Instruction Fuzzy Hash: BD516AB2A112059FEB19CF59D895BEABBF4FB48310F24806ED809EB250D3789D41CF50
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                              • Instruction ID: ef0fd70ec8bd2bfbf285bcc601704a758f7e28addf8dfbedece5c33eca63a78d
                                              • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                              • Instruction Fuzzy Hash: 22F06275B00200EF8714DF0AC544C9577F6FB857147654596D5049B321D3B4FD44CB50
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                              • API String ID: 0-3677570488
                                              • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                              • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                              APIs
                                              • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                              • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                              • API String ID: 2978645861-761530088
                                              • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                              • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                              APIs
                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: DestroyWindow
                                              • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                              • API String ID: 3375834691-1928458085
                                              • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                              • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                              APIs
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                              • GetWindowRect.USER32(?,?), ref: 004DB531
                                              • GetClientRect.USER32(?,?), ref: 004DB541
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                              • GetMenu.USER32(?), ref: 004DB581
                                              • SetMenu.USER32(?,00000000), ref: 004DB596
                                              • GetDesktopWindow.USER32 ref: 004DB5B0
                                              • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                              • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                              • GetClientRect.USER32(?,?), ref: 004DB6B7
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                              • String ID:
                                              • API String ID: 3087884050-0
                                              • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                              • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                              APIs
                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                              • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                              • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: OpenQueryValue$CloseVersion
                                              • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                              • API String ID: 3944000476-502054578
                                              • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                              • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                              • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                              • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                              APIs
                                              • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                              • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                              • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                              • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                              • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                              • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CapsDevice$Start
                                              • String ID: portrait
                                              • API String ID: 1738886688-2504013051
                                              • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                              • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                              • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter$Timetime
                                              • String ID:
                                              • API String ID: 4022644143-0
                                              • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                              • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                              • timeGetTime.WINMM ref: 004F2A25
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                              • timeGetTime.WINMM(?), ref: 004F2A46
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$LeaveTimetime$Enter
                                              • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                              • API String ID: 2943255653-4242577526
                                              • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                              • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                              • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                              • timeGetTime.WINMM ref: 004011C5
                                              • timeGetTime.WINMM ref: 004011D5
                                              • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                              • timeGetTime.WINMM ref: 0040123E
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeaveTimetime
                                              • String ID:
                                              • API String ID: 3486229058-0
                                              • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                              • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                              APIs
                                              • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: ExchangeInterlocked
                                              • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                              • API String ID: 367298776-2876428247
                                              • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                              • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                              APIs
                                              • type_info::operator==.LIBVCRUNTIME ref: 007CE960
                                              • ___TypeMatch.LIBVCRUNTIME ref: 007CEA6E
                                              • _UnwindNestedFrames.LIBCMT ref: 007CEBC0
                                              • CallUnexpected.LIBVCRUNTIME ref: 007CEBDB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                              • String ID: csm$csm$csm
                                              • API String ID: 2751267872-393685449
                                              • Opcode ID: b9ab95a4e47fab344a6e7ab70ab3b70abf1309b41cdc95eee017af9d9d86d884
                                              • Instruction ID: 80a19a395c9a15051bf72db8e440a3931cb9153654a270fcd77bb47acce935fb
                                              • Opcode Fuzzy Hash: b9ab95a4e47fab344a6e7ab70ab3b70abf1309b41cdc95eee017af9d9d86d884
                                              • Instruction Fuzzy Hash: 2FB11871800209EFCF29DFA4C885EAEBBB5BF14310F14456EE8156B212D779EE51CB92
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Enter$Leave
                                              • String ID:
                                              • API String ID: 2801635615-0
                                              • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                              • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                              • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                              • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                              • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                              • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                              • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                              APIs
                                              • _ValidateLocalCookies.LIBCMT ref: 007CD977
                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 007CD97F
                                              • _ValidateLocalCookies.LIBCMT ref: 007CDA08
                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 007CDA33
                                              • _ValidateLocalCookies.LIBCMT ref: 007CDA88
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                              • String ID: csm
                                              • API String ID: 1170836740-1018135373
                                              • Opcode ID: 2566e749357cb0ba2efa1a1b021d70087ff1bea505c1d32106b274d3e2014b22
                                              • Instruction ID: 73b477d21b9d6c7fbad3c11516e8685cf2d8cd7839a9f3f5ee876fcc05aaaf28
                                              • Opcode Fuzzy Hash: 2566e749357cb0ba2efa1a1b021d70087ff1bea505c1d32106b274d3e2014b22
                                              • Instruction Fuzzy Hash: 3F416F34A00209DBCF20DF68C885F9EBBB5EF45324F14816DE819AB392D739AD15CB91
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: localhost
                                              • API String ID: 0-2663516195
                                              • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                              • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                              • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                              • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                              APIs
                                              • timeGetTime.WINMM(00000000), ref: 004145E1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Timetime
                                              • String ID: gfff$gfff$gfff$gfff
                                              • API String ID: 17336451-2178600047
                                              • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                              • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                              • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                              • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                              APIs
                                              • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                              • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                              • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                              • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                              • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                              • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                              • String ID:
                                              • API String ID: 3030913982-0
                                              • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                              • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                              • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                              • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                              APIs
                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                              • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                              • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: \\?\
                                              • API String ID: 823142352-4282027825
                                              • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                              • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                              • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                              • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2311598541.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311799308.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311838443.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.2311905492.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                              • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                              • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                              • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                              APIs
                                              • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                              • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Window$Long$Create
                                              • String ID: Dummy$STATIC
                                              • API String ID: 1733017098-132613206
                                              • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                              • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                              • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                              • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                              • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                              • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                              • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                              • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                              APIs
                                              • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                              • timeGetTime.WINMM(?,?), ref: 004F2792
                                              • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Timetime$CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 1404962471-0
                                              • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                              • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                              APIs
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                              • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                              • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                              • __aulldiv.LIBCMT ref: 0052947B
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                              • String ID:
                                              • API String ID: 1430435781-0
                                              • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                              • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                              • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                              APIs
                                              • CreateSolidBrush.GDI32(?), ref: 004D802E
                                              • SelectObject.GDI32(?,00000000), ref: 004D8044
                                              • FillRect.USER32(?,?,00000000), ref: 004D8067
                                              • SelectObject.GDI32(?,00000000), ref: 004D8075
                                              • DeleteObject.GDI32(00000000), ref: 004D8078
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                              • String ID:
                                              • API String ID: 3777265051-0
                                              • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                              • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                              • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                              • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Delete$EnterLeave
                                              • String ID:
                                              • API String ID: 3104255891-0
                                              • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                              • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                              APIs
                                              • OpenClipboard.USER32(00000000), ref: 004D9C27
                                              • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                              • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                              • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                              • CloseClipboard.USER32 ref: 004D9C56
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Clipboard$Data$CloseOpen
                                              • String ID:
                                              • API String ID: 464010812-0
                                              • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                              • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                              APIs
                                              • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                              • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: AttributesFile$Version
                                              • String ID: \\?\
                                              • API String ID: 3849939888-4282027825
                                              • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                              • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                              • String ID: FriendlyName
                                              • API String ID: 904232820-3623505368
                                              APIs
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                              • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                              • DeleteDC.GDI32(00000000), ref: 004CADFF
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Create$CompatibleDeleteObjectSection
                                              • String ID:
                                              • API String ID: 3137390749-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: AdjustPointer
                                              • String ID:
                                              • API String ID: 1740715915-0
                                              APIs
                                              • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                              • String ID:
                                              • API String ID: 188302963-0
                                              APIs
                                                • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                              • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$Devswave
                                              • String ID: echosuppression$gain
                                              • API String ID: 967401230-1829011300
                                              APIs
                                                • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                              • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                              • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                              • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                              • SetEvent.KERNEL32 ref: 00509F74
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalInitializeSection$Event$Create
                                              • String ID:
                                              • API String ID: 662013055-0
                                              APIs
                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007CDEAD
                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007CDEC6
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.2306942713.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_7a0000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: Value___vcrt_
                                              • String ID:
                                              • API String ID: 1426506684-0
                                              APIs
                                              • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CompatibleCreateDirectorySystem
                                              • String ID: Macromed\Flash\
                                              • API String ID: 2606042488-1438515271
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                              • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                              • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2311620124.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_ZtnN5sSpDk.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 004B0326
                                                • Part of subcall function 004B00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004B00CD
                                                • Part of subcall function 004B00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004B0279
                                              • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 004B0378
                                              • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 004B03E7
                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004B0407
                                              • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 004B042E
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004B0456
                                              • CloseHandle.KERNELBASE(?), ref: 004B0471
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000003.2307209143.00000000004B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 004B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_3_4b0000_svchost.jbxd
                                              Similarity
                                              • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                              • String ID: ,
                                              • API String ID: 3867569247-3772416878
                                              • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                              • Instruction ID: 0770210cfe12f7a97ff4b6ced7bae0e04c87bedfc9f51498925d4c671ebb1583
                                              • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                              • Instruction Fuzzy Hash: E6610AB1900209EFDB20DFA9C984ADFBBB8FF08355F14851AFA59A7241D734E941CB64
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004B00CD
                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004B0279
                                              Memory Dump Source
                                              • Source File: 00000004.00000003.2307209143.00000000004B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 004B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_3_4b0000_svchost.jbxd
                                              Similarity
                                              • API ID: Virtual$AllocFree
                                              • String ID:
                                              • API String ID: 2087232378-0
                                              • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction ID: 8d5b5623917acf762ae40b145b77b7b0a7734b34b292d311720c8eb6d4b63619
                                              • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction Fuzzy Hash: 1271BD71E04249DFCB45CF98C885BEEBBF0AF09315F244096E461FB241C238AA85DF69

                                              Execution Graph

                                              Execution Coverage:33.4%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:83.3%
                                              Total number of Nodes:24
                                              Total number of Limit Nodes:0

                                              Callgraph

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000023C804D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_23c804d0000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptCloseConnectHandlePort
                                              • String ID:
                                              • API String ID: 3811980168-0
                                              • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                              • Instruction ID: f30d037865c512de3a35061c4a2c7607f90ff2420a0ad2d6903fd9d2755ab0b1
                                              • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                              • Instruction Fuzzy Hash: 0291E530548E18AFD765DB18D4457E573E1FBC4321F24475EDC8BD3296DA38AA42CB81

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000023C804D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_23c804d0000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptConnectPort
                                              • String ID:
                                              • API String ID: 1658770261-0
                                              • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                              • Instruction ID: 7744554a60a80b8feb1e30107d8d88401dfb1a3ca19d650009b68222c1226bf4
                                              • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                              • Instruction Fuzzy Hash: D8512630958A650AE32DA6388899778B7D4F7C131AF34075ED8F3C61A3E928C747C782

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000023C804D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_23c804d0000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptConnectPort$MitigationPolicyProcess
                                              • String ID:
                                              • API String ID: 2923266908-0
                                              • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                              • Instruction ID: a307bc3415d40f94aac41e35be04e605f4c1ec64af389354be92a3af91968754
                                              • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                              • Instruction Fuzzy Hash: C3410130208B489FDB44DF2C98897957BD0EB95320F1443AEEC5ACB2D7DA38CA49C795

                                              Control-flow Graph

                                              APIs
                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000023C804D1E3A), ref: 0000023C804D1654
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000023C804D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_23c804d0000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptConnectPort
                                              • String ID:
                                              • API String ID: 1658770261-0
                                              • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                              • Instruction ID: c1c59eb01aeb4887fb57012f97292c2032b82164513246927a1cfa112a4c3f4a
                                              • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                              • Instruction Fuzzy Hash: 2A21A571508B089FDB59DF28C4C9A6AB7E1FBA8306F140A2FE84AD7260D734D684CB41

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000023C804D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_23c804d0000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: MitigationPolicyProcess
                                              • String ID:
                                              • API String ID: 1088084561-0
                                              • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                              • Instruction ID: f2d198d1358ad7eb6c29edeeddd7ec624210b9aa9a2b40dfc2e5b0e92a46c745
                                              • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                              • Instruction Fuzzy Hash: 00318870140A276EFBA6966884BC7F176D0EBD4322F2402E9CC17E71E2EA6DC749C740
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.2501204944.0000023C804D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000023C804D0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_23c804d0000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                              • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                              • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                              • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F