Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LJqzegzQl0.exe

Overview

General Information

Sample name:LJqzegzQl0.exe
renamed because original name is a hash value
Original sample name:89ab7b2a427fd404cca623ffe85341fa.exe
Analysis ID:1568323
MD5:89ab7b2a427fd404cca623ffe85341fa
SHA1:329dd53f50faa14c1ffd8763feec1a9ae583bc1c
SHA256:c3427b813ad0c2e6563b844e6fc080a7f18ca62880e7f2119adaad4e278b1285
Tags:exeuser-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • LJqzegzQl0.exe (PID: 4208 cmdline: "C:\Users\user\Desktop\LJqzegzQl0.exe" MD5: 89AB7B2A427FD404CCA623FFE85341FA)
    • LJqzegzQl0.exe (PID: 1436 cmdline: "C:\Users\user\Desktop\LJqzegzQl0.exe" MD5: 89AB7B2A427FD404CCA623FFE85341FA)
      • svchost.exe (PID: 6092 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 5168 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 3416 cmdline: C:\Windows\system32\WerFault.exe -u -p 5168 -s 140 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 6044 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 432 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search user.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9e"}
SourceRuleDescriptionAuthorStrings
00000003.00000003.2315557030.0000000000970000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000004.00000003.2319699004.0000000003190000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          00000003.00000002.2325367611.0000000000C70000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 5 entries
            SourceRuleDescriptionAuthorStrings
            4.3.svchost.exe.50c0000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              4.3.svchost.exe.52e0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                4.3.svchost.exe.50c0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  3.3.LJqzegzQl0.exe.31d0000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    3.3.LJqzegzQl0.exe.31d0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 2 entries

                      System Summary

                      barindex
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\LJqzegzQl0.exe, ProcessId: 4208, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\LJqzegzQl0.exe", ParentImage: C:\Users\user\Desktop\LJqzegzQl0.exe, ParentProcessId: 1436, ParentProcessName: LJqzegzQl0.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 6092, ProcessName: svchost.exe
                      Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\LJqzegzQl0.exe", ParentImage: C:\Users\user\Desktop\LJqzegzQl0.exe, ParentProcessId: 1436, ParentProcessName: LJqzegzQl0.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 6092, ProcessName: svchost.exe
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T14:51:44.796117+010028548021Domain Observed Used for C2 Detected104.37.175.2217575192.168.2.649739TCP

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: 3.3.LJqzegzQl0.exe.7a0000.8.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9e"}
                      Source: LJqzegzQl0.exeReversingLabs: Detection: 15%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: LJqzegzQl0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: Binary string: wkernel32.pdb source: LJqzegzQl0.exe, 00000003.00000003.2317914602.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318043424.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324375206.00000000051E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324190486.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324826314.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: LJqzegzQl0.exe, 00000003.00000003.2316914515.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317160970.00000000031A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2321930084.00000000052B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2320850670.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2317661390.0000000003150000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317462093.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2322949608.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2323769143.0000000005260000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2316914515.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317160970.00000000031A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2321930084.00000000052B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2320850670.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: LJqzegzQl0.exe, 00000003.00000003.2317661390.0000000003150000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317462093.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2322949608.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2323769143.0000000005260000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2317914602.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318043424.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324375206.00000000051E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324190486.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324826314.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp8_2_0000020CBBFA0511

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.221:7575 -> 192.168.2.6:49739
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.221 7575Jump to behavior
                      Source: Malware configuration extractorURLs: https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9e
                      Source: global trafficTCP traffic: 192.168.2.6:49739 -> 104.37.175.221:7575
                      Source: Joe Sandbox ViewASN Name: MAJESTIC-HOSTING-01US MAJESTIC-HOSTING-01US
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: LJqzegzQl0.exe, DiskTuner.exe.0.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: LJqzegzQl0.exe, DiskTuner.exe.0.drString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: LJqzegzQl0.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.com
                      Source: LJqzegzQl0.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: svchost.exe, 00000004.00000002.2418081422.000000000291C000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2422450863.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9e
                      Source: svchost.exe, 00000004.00000002.2422450863.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9ekernelbasentdllkernel32GetProcessMitig
                      Source: svchost.exe, 00000004.00000002.2418081422.000000000291C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9ex
                      Source: svchost.exe, 00000004.00000003.2345091387.0000000002FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000004.00000003.2345091387.0000000002FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: LJqzegzQl0.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: LJqzegzQl0.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,3_2_004D9AB0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
                      Source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_a2639cf5-f
                      Source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_0e4e9573-e
                      Source: Yara matchFile source: 4.3.svchost.exe.50c0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.52e0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.50c0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.LJqzegzQl0.exe.31d0000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.LJqzegzQl0.exe.31d0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.50c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.LJqzegzQl0.exe.2fb0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2324826314.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: LJqzegzQl0.exe PID: 1436, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6092, type: MEMORYSTR

                      System Summary

                      barindex
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeFile dump: DiskTuner.exe.0.dr 979567349Jump to dropped file
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_0000020CBBFA0AC8 NtAcceptConnectPort,NtAcceptConnectPort,8_2_0000020CBBFA0AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_0000020CBBFA15C0 NtAcceptConnectPort,8_2_0000020CBBFA15C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_0000020CBBFA1CF4 NtAcceptConnectPort,CloseHandle,8_2_0000020CBBFA1CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_0000020CBBFA1AA4 NtAcceptConnectPort,NtAcceptConnectPort,8_2_0000020CBBFA1AA4
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0040A0200_2_0040A020
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0042D3000_2_0042D300
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0043C3C00_2_0043C3C0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0042D39B0_2_0042D39B
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0042D4F90_2_0042D4F9
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0041B4B00_2_0041B4B0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004206700_2_00420670
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004166210_2_00416621
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0045E8700_2_0045E870
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0047DA000_2_0047DA00
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0040ACD00_2_0040ACD0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_00429E100_2_00429E10
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_00464EE00_2_00464EE0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007D81D23_3_007D81D2
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007CC2313_3_007CC231
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007CC4003_3_007CC400
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0040A0203_2_0040A020
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0042D3003_2_0042D300
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0042D39B3_2_0042D39B
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004033A13_2_004033A1
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0042D4F93_2_0042D4F9
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0041B4B03_2_0041B4B0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004206703_2_00420670
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004166213_2_00416621
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0045E8703_2_0045E870
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0047DA003_2_0047DA00
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_0040ACD03_2_0040ACD0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00429E103_2_00429E10
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00464EE03_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_0000020CBBFA0C708_2_0000020CBBFA0C70
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: String function: 007CCD90 appears 33 times
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 432
                      Source: LJqzegzQl0.exeBinary or memory string: OriginalFilename vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000000.00000002.2355052327.0000000002822000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000000.00000002.2354856527.0000000000CC9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000000.00000000.2124009504.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2319599509.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2317914602.0000000002FB0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2318043424.00000000030D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2317462093.00000000030D3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000000.2303884740.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2317160970.0000000003326000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2318043424.0000000003120000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2316914515.0000000003128000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2317914602.0000000003042000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000033B1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2315855652.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exe, 00000003.00000003.2317661390.000000000327D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exeBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs LJqzegzQl0.exe
                      Source: LJqzegzQl0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: LJqzegzQl0.exe, 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, LJqzegzQl0.exe, 00000000.00000002.2354856527.0000000000CC9000.00000040.00001000.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2319599509.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2315855652.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: LJqzegzQl0.exe, LJqzegzQl0.exe, 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, LJqzegzQl0.exe, 00000000.00000002.2354856527.0000000000CC9000.00000040.00001000.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2319599509.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2315855652.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4e212ba9-745e-e058fa-ae0e346fff5f}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5168
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\0ea46f84-3b52-4a23-b8d9-f8aa57d735e5Jump to behavior
                      Source: LJqzegzQl0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: LJqzegzQl0.exeReversingLabs: Detection: 15%
                      Source: LJqzegzQl0.exeString found in binary or memory: ms-help:
                      Source: LJqzegzQl0.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeFile read: C:\Users\user\Desktop\LJqzegzQl0.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\LJqzegzQl0.exe "C:\Users\user\Desktop\LJqzegzQl0.exe"
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Users\user\Desktop\LJqzegzQl0.exe "C:\Users\user\Desktop\LJqzegzQl0.exe"
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 432
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5168 -s 140
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Users\user\Desktop\LJqzegzQl0.exe "C:\Users\user\Desktop\LJqzegzQl0.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: k7rn7l32.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: ntd3ll.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: LJqzegzQl0.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: LJqzegzQl0.exeStatic file information: File size 2981888 > 1048576
                      Source: LJqzegzQl0.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                      Source: LJqzegzQl0.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x175000
                      Source: Binary string: wkernel32.pdb source: LJqzegzQl0.exe, 00000003.00000003.2317914602.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318043424.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324375206.00000000051E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324190486.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324826314.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: LJqzegzQl0.exe, 00000003.00000003.2316914515.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317160970.00000000031A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2321930084.00000000052B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2320850670.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2317661390.0000000003150000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317462093.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2322949608.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2323769143.0000000005260000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2316914515.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317160970.00000000031A0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2321930084.00000000052B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2320850670.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: LJqzegzQl0.exe, 00000003.00000003.2317661390.0000000003150000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2317462093.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2322949608.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2323769143.0000000005260000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2317914602.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318043424.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324375206.00000000051E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324190486.00000000050C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: LJqzegzQl0.exe, 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2324826314.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: LJqzegzQl0.exeStatic PE information: real checksum: 0x241059 should be: 0x2e2a23
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DB86D push ebx; ret 3_3_007DB864
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DA840 push ebp; retf 3_3_007DA841
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DE83C pushad ; ret 3_3_007DE841
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DE80E push eax; iretd 3_3_007DE81D
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DA0F9 push FFFFFF82h; iretd 3_3_007DA0FB
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DD8A0 push 0000002Eh; iretd 3_3_007DD8A2
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007D8904 push ecx; ret 3_3_007D8917
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DB1DD push eax; ret 3_3_007DB1DF
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DE586 pushad ; retf 3_3_007DE599
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007D9F6A push eax; ret 3_3_007D9F75
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007DB70B push ebx; ret 3_3_007DB864
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004381E0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004381A0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA784
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA7AC
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00434C60 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00434CF0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00434C90 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00434CB0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00447D60 push ecx; retf 3_2_00447E0D
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_2_00436DB0 push ecx; retf 3_2_00436EEF
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_0295588E push eax; iretd 4_3_0295589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_029558BC pushad ; ret 4_3_029558C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_029518C0 push ebp; retf 4_3_029518C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_029528ED push ebx; ret 4_3_029528E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02956012 push 00000038h; iretd 4_3_0295601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02955606 pushad ; retf 4_3_02955619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_0295225D push eax; ret 4_3_0295225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_0295278B push ebx; ret 4_3_029528E4
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 562B83A
                      Source: LJqzegzQl0.exe, 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, LJqzegzQl0.exe, 00000000.00000002.2354856527.0000000000CC9000.00000040.00001000.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2319599509.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2315855652.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: LJqzegzQl0.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: LJqzegzQl0.exe, 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, LJqzegzQl0.exe, 00000000.00000002.2354856527.0000000000CC9000.00000040.00001000.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2319599509.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, LJqzegzQl0.exe, 00000003.00000003.2315855652.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeAPI coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: svchost.exe, 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000004.00000002.2422420471.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2421342787.0000000002E00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000004.00000002.2422286644.0000000002E24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007D9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_007D9098
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007D9277 mov eax, dword ptr fs:[00000030h]3_3_007D9277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02950283 mov eax, dword ptr fs:[00000030h]4_3_02950283
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Users\user\Desktop\LJqzegzQl0.exe "C:\Users\user\Desktop\LJqzegzQl0.exe"Jump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.221 7575Jump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeMemory written: C:\Users\user\Desktop\LJqzegzQl0.exe base: 7A0000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 3_3_007CCDD5 cpuid 3_3_007CCDD5
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,3_2_004C9670
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\LJqzegzQl0.exeCode function: 0_2_004CB0E0 GetVersionExA,0_2_004CB0E0
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 00000003.00000003.2315557030.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2319699004.0000000003190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2325367611.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2422887163.00000000031A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 00000003.00000003.2315557030.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.2319699004.0000000003190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2325367611.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2422887163.00000000031A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation
                      1
                      Registry Run Keys / Startup Folder
                      211
                      Process Injection
                      11
                      Masquerading
                      21
                      Input Capture
                      2
                      System Time Discovery
                      Remote Services21
                      Input Capture
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts2
                      Command and Scripting Interpreter
                      1
                      DLL Side-Loading
                      1
                      Registry Run Keys / Startup Folder
                      1
                      Virtualization/Sandbox Evasion
                      LSASS Memory221
                      Security Software Discovery
                      Remote Desktop Protocol1
                      Archive Collected Data
                      1
                      Non-Standard Port
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Native API
                      Logon Script (Windows)1
                      DLL Side-Loading
                      1
                      Disable or Modify Tools
                      Security Account Manager1
                      Virtualization/Sandbox Evasion
                      SMB/Windows Admin Shares3
                      Clipboard Data
                      1
                      Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                      Process Injection
                      NTDS1
                      Process Discovery
                      Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information
                      LSA Secrets135
                      System Information Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                      Obfuscated Files or Information
                      Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      DLL Side-Loading
                      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      LJqzegzQl0.exe16%ReversingLabs
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9e0%Avira URL Cloudsafe
                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9ekernelbasentdllkernel32GetProcessMitig0%Avira URL Cloudsafe
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9ex0%Avira URL Cloudsafe
                      No contacted domains info
                      NameMaliciousAntivirus DetectionReputation
                      https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9etrue
                      • Avira URL Cloud: safe
                      unknown
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://cloudflare-dns.com/dns-querysvchost.exe, 00000004.00000003.2345091387.0000000002FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        http://www.macromedia.comLJqzegzQl0.exe, DiskTuner.exe.0.drfalse
                          high
                          https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000004.00000003.2345091387.0000000002FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatchLJqzegzQl0.exe, DiskTuner.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSecLJqzegzQl0.exe, DiskTuner.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&ampLJqzegzQl0.exe, DiskTuner.exe.0.drfalse
                              high
                              https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9ekernelbasentdllkernel32GetProcessMitigsvchost.exe, 00000004.00000002.2422450863.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://www.macromedia.com/bin/flashdownload.cgiLJqzegzQl0.exe, DiskTuner.exe.0.drfalse
                                high
                                https://www.macromedia.com/support/flashplayer/sys/LJqzegzQl0.exe, DiskTuner.exe.0.drfalse
                                  high
                                  https://104.37.175.221:7575/1b422f87470a4ca5005/tbr6h2fo.wje9exsvchost.exe, 00000004.00000002.2418081422.000000000291C000.00000004.00000010.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs
                                  IPDomainCountryFlagASNASN NameMalicious
                                  104.37.175.221
                                  unknownUnited States
                                  396073MAJESTIC-HOSTING-01UStrue
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1568323
                                  Start date and time:2024-12-04 14:50:29 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 8m 12s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:12
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:LJqzegzQl0.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:89ab7b2a427fd404cca623ffe85341fa.exe
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@9/6@0/1
                                  EGA Information:
                                  • Successful, ratio: 50%
                                  HCA Information:Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target LJqzegzQl0.exe, PID 1436 because there are no executed function
                                  • Execution Graph export aborted for target svchost.exe, PID 6092 because there are no executed function
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: LJqzegzQl0.exe
                                  TimeTypeDescription
                                  08:52:00API Interceptor1x Sleep call for process: WerFault.exe modified
                                  14:51:44AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                  14:51:52AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  104.37.175.221wg7SDQAffQ.exeGet hashmaliciousRHADAMANTHYSBrowse
                                    No context
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    MAJESTIC-HOSTING-01USZtnN5sSpDk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.232
                                    wg7SDQAffQ.exeGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.221
                                    Readme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.232
                                    098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.232
                                    loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.232
                                    readme.exeGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.232
                                    Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.232
                                    loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                    • 191.96.140.127
                                    file.exeGet hashmaliciousDarkTortilla, RHADAMANTHYSBrowse
                                    • 104.37.175.218
                                    file.exeGet hashmaliciousRHADAMANTHYSBrowse
                                    • 104.37.175.218
                                    No context
                                    No context
                                    Process:C:\Windows\System32\WerFault.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):65536
                                    Entropy (8bit):0.6600586185917492
                                    Encrypted:false
                                    SSDEEP:96:zeqFmG3e9jqigKJds3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAXR:JrSjHndxR0apYKjqzuiFKZ24lO8JO
                                    MD5:8749F81B7FDF280CB455BC2F09F1483D
                                    SHA1:50816D00C087477F4A5E20B71516F4B3C36B6EAE
                                    SHA-256:8B6F870ADC5F31F54380C4862CA9E37EFF9AA3C60344B8A0A471D5047E071984
                                    SHA-512:446BFEB22FB5121ED22DB1DDB2DFF358DDB0B233B6FAD758E1B96BDF948437CD7772B4157777232D97D99FEED0278C9BEC9724705235E2D7ED20565DBC2F9A2E
                                    Malicious:false
                                    Reputation:low
                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.7.9.3.9.1.3.3.8.2.4.0.5.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.7.9.3.9.1.4.0.3.8.6.6.0.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.3.7.5.7.7.f.9.-.0.a.d.3.-.4.1.5.e.-.a.f.4.b.-.a.5.0.e.0.6.c.f.f.1.4.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.7.1.e.b.e.7.b.-.c.f.8.4.-.4.c.5.b.-.b.4.b.c.-.8.2.a.7.a.d.8.a.7.0.6.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.3.0.-.0.0.0.1.-.0.0.1.5.-.9.3.7.7.-.a.f.a.a.5.3.4.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.
                                    Process:C:\Windows\System32\WerFault.exe
                                    File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 13:51:53 2024, 0x1205a4 type
                                    Category:dropped
                                    Size (bytes):46214
                                    Entropy (8bit):1.308133410127976
                                    Encrypted:false
                                    SSDEEP:96:5t8334Rdn9HywI5mWTS7i7cQQ0TxELTD1yzvMLseY90dWI0DIg8JF:0HGTNWTAOcQQIID1kMpxA8n
                                    MD5:B73EF92377D7EE981468C49C3D3DEF82
                                    SHA1:32050AD2632BDB7166D9A286F0E8A8E383E5C11C
                                    SHA-256:6B8CFA9ADA8D87B4CD1BE6EE7BC436BA9CD0EC4BFAB3638A733657AAF8A6308E
                                    SHA-512:81F4514F032090A9BAEE1F7452279052DE74D1B291923BF541DAF685754C50C6D422C3E5EB5E0D362A62BAF99D1CFB6C5BEA9A67FDB535A94D2304558120B134
                                    Malicious:false
                                    Reputation:low
                                    Preview:MDMP..a..... .......y^Pg........................................2!..........T.......8...........T......................................................................................................................eJ..............Lw......................T.......0...u^Pg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                    Process:C:\Windows\System32\WerFault.exe
                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):8622
                                    Entropy (8bit):3.6919501686763985
                                    Encrypted:false
                                    SSDEEP:192:R6l7wVeJYJo3n6YOUb35fgmfr57v0pDB89bJNRfkDm:R6lXJuY6YNb35fgmfrFvHJbf9
                                    MD5:22A6C17C46C3FAE5C957B3E706F27F0C
                                    SHA1:BA2E04621066448B56AD8CD33F73F249C3CF076B
                                    SHA-256:80514AE2C492CB5C61EAA4F7A17906C086833ABADC15FCAA9BA81B902BCF90D4
                                    SHA-512:A5B361EF4EF64F064C0C58A5D86ABE5E4CC29AE331CD965D625215E2BB093138B528171DAE835A7A085571E3AED25A9512DF368520DB2C016D5E2D1A777E4005
                                    Malicious:false
                                    Reputation:low
                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.1.6.8.<./.P.i.
                                    Process:C:\Windows\System32\WerFault.exe
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):4853
                                    Entropy (8bit):4.4432299213249244
                                    Encrypted:false
                                    SSDEEP:48:cvIwWl8zsZAJg771I9orWpW8VYcYm8M4Jk5LvM6F3/X1yq8vU5LvMm0aMu/Fd:uIjf4I77a7VUJcjMElWsjMV1utd
                                    MD5:92E9E477B7E8CA3C0BDBA9B5056DA3F5
                                    SHA1:923A7CAA64649FEA0BAB366B9B27041A2127994C
                                    SHA-256:9367A76CA81C4CBED1E18DE615B6B51FFCACE40C580C7ABCBDF0B7C6BD9EE671
                                    SHA-512:18BC0E9558DD2490A2F467B939387CC7F12914E27425F2523102A92A4D41CC71B005ACC1C161A8B4A328525F9BBD68DD44D45F6CE7885F65739DD6952EF68623
                                    Malicious:false
                                    Reputation:low
                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="616614" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                    Process:C:\Users\user\Desktop\LJqzegzQl0.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):979567349
                                    Entropy (8bit):0.04635171750649042
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:531727252153BC1DF9092898C6F39884
                                    SHA1:FEFF95CE5F6F7D7AE84870A9A6D83521E1FD24D0
                                    SHA-256:1F2B4CCAF33E850E8312FC64771B9C9BA126F6262401EFFD4CF797F3E22B5EAE
                                    SHA-512:EF45A7BDEFFCFFC764E34A5EE33C19C7F15E96BBBB4A38FA261AC68778F1233ED5C3D60D08FDD7D5EA26157E4E7E3ED4F95E9CD83228B3EDB52D6CD5ECF7DC63
                                    Malicious:false
                                    Reputation:low
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C..........................................@...........................9.....Y.$..............................................."..F...........................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc....F...."..P...0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                    Process:C:\Windows\System32\WerFault.exe
                                    File Type:MS Windows registry file, NT/2000 or above
                                    Category:dropped
                                    Size (bytes):1835008
                                    Entropy (8bit):4.469545941085081
                                    Encrypted:false
                                    SSDEEP:6144:jzZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNqjDH5S:fZHtYZWOKnMM6bFpoj4
                                    MD5:EEDAA000B024E1C51B1C3F8A67B5B759
                                    SHA1:69B56802D35F568A117FD7F269D3CEB97B866A9C
                                    SHA-256:60EC8C5B095E51D9422C276055966F158D5F666D1EE11F7FAF085FE9596DE8E1
                                    SHA-512:B0E854C9DE61D9B0A3A09C0B2436075D60FCD7263D081E21E8ACD39AE6EE27A268DF7A2FE376DE7F741562BD3E05DEA2959EB024E40C16201896F5C9D633382D
                                    Malicious:false
                                    Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmR..SF.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):6.969138954038021
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.40%
                                    • InstallShield setup (43055/19) 0.43%
                                    • Windows Screen Saver (13104/52) 0.13%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    File name:LJqzegzQl0.exe
                                    File size:2'981'888 bytes
                                    MD5:89ab7b2a427fd404cca623ffe85341fa
                                    SHA1:329dd53f50faa14c1ffd8763feec1a9ae583bc1c
                                    SHA256:c3427b813ad0c2e6563b844e6fc080a7f18ca62880e7f2119adaad4e278b1285
                                    SHA512:a74fb7bf87ef47e6af1d5deaa18a8ff158a66408f557ae630c1d9bc34de7e9d178be46d2fecf8799e306343e484bd104fc08fbd0c413c0271a94a4e8c646171d
                                    SSDEEP:49152:SVHFXSzmqiDqCbm1gickVsPTwuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuK:SVHFXSzmqsegfkVsMuuuuuuuuuuuuuu1
                                    TLSH:C8D5AE41F28181B1DD5276B05273D6B54572AEF8A73A80CF61D63F1B3B722E25A33386
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................z.......................z...............#...............................................Rich...................
                                    Icon Hash:c5a684988c94a0c5
                                    Entrypoint:0x4dc300
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                    DLL Characteristics:NO_SEH
                                    Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:6cd1955b3508e1b7bae36e00ef841662
                                    Instruction
                                    sub esp, 44h
                                    push esi
                                    call dword ptr [0053D228h]
                                    mov esi, eax
                                    mov al, byte ptr [esi]
                                    cmp al, 22h
                                    call 00007F25CCF10380h
                                    inc esi
                                    cmp al, 22h
                                    je 00007F25CCFC038Ah
                                    test al, al
                                    jne 00007F25CCFC0376h
                                    cmp al, 22h
                                    jne 00007F25CCFC0398h
                                    inc esi
                                    jmp 00007F25CCFC0395h
                                    cmp al, 20h
                                    jbe 00007F25CCFC0391h
                                    lea esp, dword ptr [esp+00000000h]
                                    mov al, byte ptr [esi+01h]
                                    inc esi
                                    cmp al, 20h
                                    jnbe 00007F25CCFC037Ah
                                    mov al, byte ptr [esi]
                                    test al, al
                                    je 00007F25CCFC0390h
                                    mov edi, edi
                                    cmp al, 20h
                                    jnbe 00007F25CCFC038Ah
                                    mov al, byte ptr [esi+01h]
                                    inc esi
                                    test al, al
                                    jne 00007F25CCFC0376h
                                    lea eax, dword ptr [esp+04h]
                                    push eax
                                    mov dword ptr [esp+34h], 00000000h
                                    call dword ptr [0053D270h]
                                    test byte ptr [esp+30h], 00000001h
                                    movzx eax, word ptr [esp+34h]
                                    jne 00007F25CCFC0387h
                                    mov eax, 0000000Ah
                                    push eax
                                    push esi
                                    push 00000000h
                                    push 00000000h
                                    call dword ptr [0053D224h]
                                    push eax
                                    call 00007F25CCFBFF83h
                                    push eax
                                    call dword ptr [0053D220h]
                                    pop esi
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    movzx edx, byte ptr [ecx+0Dh]
                                    xor eax, eax
                                    mov ah, byte ptr [ecx+0Fh]
                                    mov al, byte ptr [ecx+0Ch]
                                    movzx ecx, byte ptr [ecx+0Eh]
                                    shl eax, 08h
                                    or eax, edx
                                    shl eax, 08h
                                    or eax, ecx
                                    ret
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    mov eax, ecx
                                    mov dword ptr [eax], 00000000h
                                    mov dword ptr [eax+04h], 00000000h
                                    ret
                                    push esi
                                    push edi
                                    mov esi, ecx
                                    call dword ptr [0000D518h]
                                    Programming Language:
                                    • [ C ] VS2003 (.NET) build 3077
                                    • [C++] VS2003 (.NET) build 3077
                                    • [RES] VS2003 (.NET) build 3077
                                    • [LNK] VS2003 (.NET) build 3077
                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x152e180x118.rdata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x2280000x1746d4.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x13d0000x598.rdata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x10000x13bc900x13c000a098c7e84ad5a36a04535e1c3b73e500False0.5445657078223892data6.741499573740984IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rdata0x13d0000x17c840x180007985ce6b5d14c95b3d11911cc6832e60False0.5450439453125data6.199908013459288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .data0x1550000xd29080xe00033ed2020b692083bf67c882b0e6ea252False0.7456926618303571data7.206453493549018IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rsrc0x2280000x1746d40x175000d2f0f2f38f52716667f640343c9452c1False0.4497888478133378data6.806965062875741IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_CURSOR0x229a4c0x134dataEnglishUnited States0.275974025974026
                                    RT_CURSOR0x229b800xb4dataEnglishUnited States0.6444444444444445
                                    RT_CURSOR0x229c340x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39935064935064934
                                    RT_CURSOR0x229d680xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.8944444444444445
                                    RT_CURSOR0x229e1c0x134dataEnglishUnited States0.12012987012987013
                                    RT_ICON0x229f500x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                    RT_ICON0x22a5b80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.43951612903225806
                                    RT_ICON0x22a8a00x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4016393442622951
                                    RT_ICON0x22aa880x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.4831081081081081
                                    RT_ICON0x22abb00x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9907192575406032
                                    RT_ICON0x22e1900xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.4584221748400853
                                    RT_ICON0x22f0380x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.47382671480144406
                                    RT_ICON0x22f8e00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.45564516129032256
                                    RT_ICON0x22ffa80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3504335260115607
                                    RT_ICON0x2305100x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.1774390243902439
                                    RT_ICON0x230b780x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.26344086021505375
                                    RT_ICON0x230e600x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.46621621621621623
                                    RT_ICON0x230f880xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.5335820895522388
                                    RT_ICON0x231e300x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.5478339350180506
                                    RT_ICON0x2326d80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.41401734104046245
                                    RT_ICON0x232c400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.34865145228215766
                                    RT_ICON0x2351e80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.36538461538461536
                                    RT_ICON0x2362900x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.6462765957446809
                                    RT_ICON0x2366f80x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.27987804878048783
                                    RT_ICON0x236d600x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.40860215053763443
                                    RT_ICON0x2370480x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.47540983606557374
                                    RT_ICON0x2372300x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.5506756756756757
                                    RT_ICON0x2373580xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.4650852878464819
                                    RT_ICON0x2382000x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.677797833935018
                                    RT_ICON0x238aa80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0EnglishUnited States0.7534562211981567
                                    RT_ICON0x2391700x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.8034682080924855
                                    RT_ICON0x2396d80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.32676348547717843
                                    RT_ICON0x23bc800x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4547373358348968
                                    RT_ICON0x23cd280x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.5823770491803278
                                    RT_ICON0x23d6b00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.600177304964539
                                    RT_ICON0x23db180x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.07868508221933042
                                    RT_ICON0x24e3400x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.15114568005045195
                                    RT_ICON0x2577e80x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 26560EnglishUnited States0.1543233082706767
                                    RT_ICON0x25dfd00x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.175184842883549
                                    RT_ICON0x2634580x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.15948275862068967
                                    RT_ICON0x2676800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.24107883817427386
                                    RT_ICON0x269c280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.2678236397748593
                                    RT_ICON0x26acd00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.37459016393442623
                                    RT_ICON0x26b6580x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.42819148936170215
                                    RT_ICON0x26bac00x668Device independent bitmap graphic, 48 x 96 x 4, image size 11520.3225609756097561
                                    RT_ICON0x26c1280x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 5120.43951612903225806
                                    RT_ICON0x26c4100x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 2880.4016393442622951
                                    RT_ICON0x26c5f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 1280.4831081081081081
                                    RT_ICON0x26c7200x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9907192575406032
                                    RT_ICON0x26fd000xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.4584221748400853
                                    RT_ICON0x270ba80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.47382671480144406
                                    RT_ICON0x2714500x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.45564516129032256
                                    RT_ICON0x271b180x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.3504335260115607
                                    RT_ICON0x2720800x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.07868508221933042
                                    RT_ICON0x2828a80x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.15114568005045195
                                    RT_ICON0x28bd500x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 265600.1543233082706767
                                    RT_ICON0x2925380x5488Device independent bitmap graphic, 72 x 144 x 32, image size 216000.175184842883549
                                    RT_ICON0x2979c00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.15948275862068967
                                    RT_ICON0x29bbe80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.24107883817427386
                                    RT_ICON0x29e1900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.2678236397748593
                                    RT_ICON0x29f2380x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.37459016393442623
                                    RT_ICON0x29fbc00x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.42819148936170215
                                    RT_MENU0x2a00280x280dataChineseTaiwan0.55
                                    RT_MENU0x2a02a80x350dataGermanGermany0.46226415094339623
                                    RT_MENU0x2a05f80x2f2dataEnglishUnited States0.46419098143236076
                                    RT_MENU0x2a08ec0x34cdataFrenchFrance0.45260663507109006
                                    RT_MENU0x2a0c380x356dataItalianItaly0.4601873536299766
                                    RT_MENU0x2a0f900x2c0dataJapaneseJapan0.5539772727272727
                                    RT_MENU0x2a12500x2c4dataKoreanNorth Korea0.5706214689265536
                                    RT_MENU0x2a12500x2c4dataKoreanSouth Korea0.5706214689265536
                                    RT_MENU0x2a15140x286dataChineseChina0.5479876160990712
                                    RT_MENU0x2a179c0x336data0.46228710462287104
                                    RT_MENU0x2a1ad40x116dataChineseTaiwan0.7086330935251799
                                    RT_MENU0x2a1bec0x20adataGermanGermany0.5268199233716475
                                    RT_MENU0x2a1df80x1d2dataEnglishUnited States0.5343347639484979
                                    RT_MENU0x2a1fcc0x220dataFrenchFrance0.5055147058823529
                                    RT_MENU0x2a21ec0x1fedataItalianItaly0.515686274509804
                                    RT_MENU0x2a23ec0x146dataJapaneseJapan0.7239263803680982
                                    RT_MENU0x2a25340x144dataKoreanNorth Korea0.7253086419753086
                                    RT_MENU0x2a25340x144dataKoreanSouth Korea0.7253086419753086
                                    RT_MENU0x2a26780x12edataChineseChina0.7019867549668874
                                    RT_MENU0x2a27a80x1f4data0.536
                                    RT_MENU0x2a299c0x6adataChineseTaiwan0.7452830188679245
                                    RT_MENU0x2a2a080x9cdataGermanGermany0.7115384615384616
                                    RT_MENU0x2a2aa40x70dataEnglishUnited States0.75
                                    RT_MENU0x2a2b140x90dataFrenchFrance0.6805555555555556
                                    RT_MENU0x2a2ba40x88dataItalianItaly0.7205882352941176
                                    RT_MENU0x2a2c2c0x78dataJapaneseJapan0.75
                                    RT_MENU0x2a2ca40x78dataKoreanNorth Korea0.7833333333333333
                                    RT_MENU0x2a2ca40x78dataKoreanSouth Korea0.7833333333333333
                                    RT_MENU0x2a2d1c0x6adataChineseChina0.7452830188679245
                                    RT_MENU0x2a2d880x8cdata0.6857142857142857
                                    RT_MENU0x2a2e140x22dataChineseTaiwan1.1764705882352942
                                    RT_MENU0x2a2e380x4adataGermanGermany0.8378378378378378
                                    RT_MENU0x2a2e840x34dataEnglishUnited States1.0
                                    RT_MENU0x2a2eb80x3edataFrenchFrance0.9193548387096774
                                    RT_MENU0x2a2ef80x42dataItalianItaly0.9545454545454546
                                    RT_MENU0x2a2f3c0x28dataJapaneseJapan1.125
                                    RT_MENU0x2a2f640x24dataKoreanNorth Korea1.1944444444444444
                                    RT_MENU0x2a2f640x24dataKoreanSouth Korea1.1944444444444444
                                    RT_MENU0x2a2f880x22dataChineseChina1.1764705882352942
                                    RT_MENU0x2a2fac0x3cdata1.0166666666666666
                                    RT_DIALOG0x2a2fe80x1a6dataChineseTaiwan0.5284360189573459
                                    RT_DIALOG0x2a31900x1a6dataGermanGermany0.523696682464455
                                    RT_DIALOG0x2a33380x1a6dataEnglishUnited States0.523696682464455
                                    RT_DIALOG0x2a34e00x1a6dataFrenchFrance0.523696682464455
                                    RT_DIALOG0x2a36880x1a6dataItalianItaly0.523696682464455
                                    RT_DIALOG0x2a38300x19edataJapaneseJapan0.538647342995169
                                    RT_DIALOG0x2a39d00x1a6dataKoreanNorth Korea0.5284360189573459
                                    RT_DIALOG0x2a39d00x1a6dataKoreanSouth Korea0.5284360189573459
                                    RT_DIALOG0x2a3b780x1a6dataChineseChina0.5260663507109005
                                    RT_DIALOG0x2a3d200x1aedata0.5302325581395348
                                    RT_DIALOG0x2a3ed00x140dataChineseTaiwan0.70625
                                    RT_DIALOG0x2a40100x1d8dataGermanGermany0.5614406779661016
                                    RT_DIALOG0x2a41e80x1cadataEnglishUnited States0.5633187772925764
                                    RT_DIALOG0x2a43b40x1bcdataFrenchFrance0.5968468468468469
                                    RT_DIALOG0x2a45700x18cdataItalianItaly0.6035353535353535
                                    RT_DIALOG0x2a46fc0x162dataJapaneseJapan0.7457627118644068
                                    RT_DIALOG0x2a48600x144dataKoreanNorth Korea0.7376543209876543
                                    RT_DIALOG0x2a48600x144dataKoreanSouth Korea0.7376543209876543
                                    RT_DIALOG0x2a49a40x138dataChineseChina0.6987179487179487
                                    RT_DIALOG0x2a4adc0x1cedata0.5757575757575758
                                    RT_DIALOG0x2a4cac0x2cadataChineseTaiwan0.5714285714285714
                                    RT_DIALOG0x2a4f780x4cedataGermanGermany0.4056910569105691
                                    RT_DIALOG0x2a54480x448dataEnglishUnited States0.39507299270072993
                                    RT_DIALOG0x2a58900x4f8dataFrenchFrance0.3977987421383648
                                    RT_DIALOG0x2a5d880x49cdataItalianItaly0.38813559322033897
                                    RT_DIALOG0x2a62240x34edataJapaneseJapan0.5721040189125296
                                    RT_DIALOG0x2a65740x32edataKoreanNorth Korea0.5675675675675675
                                    RT_DIALOG0x2a65740x32edataKoreanSouth Korea0.5675675675675675
                                    RT_DIALOG0x2a68a40x2c2dataChineseChina0.5722379603399433
                                    RT_DIALOG0x2a6b680x48edata0.3936535162950257
                                    RT_STRING0x2a6ff80xeedataChineseTaiwan0.5378151260504201
                                    RT_STRING0x2a70e80x10adataGermanGermany0.5225563909774437
                                    RT_STRING0x2a71f40x104dataEnglishUnited States0.5076923076923077
                                    RT_STRING0x2a72f80x116dataFrenchFrance0.5215827338129496
                                    RT_STRING0x2a74100x10cdataItalianItaly0.5111940298507462
                                    RT_STRING0x2a751c0xfcdataJapaneseJapan0.5674603174603174
                                    RT_STRING0x2a76180xf0dataKoreanNorth Korea0.5625
                                    RT_STRING0x2a76180xf0dataKoreanSouth Korea0.5625
                                    RT_STRING0x2a77080xeedataChineseChina0.542016806722689
                                    RT_STRING0x2a77f80x116data0.5179856115107914
                                    RT_STRING0x2a79100xdeMatlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0ChineseTaiwan0.6891891891891891
                                    RT_STRING0x2a79f00x204Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0GermanGermany0.4573643410852713
                                    RT_STRING0x2a7bf40x1aaMatlab v4 mat-file (little endian) , numeric, rows 0, columns 0EnglishUnited States0.4624413145539906
                                    RT_STRING0x2a7da00x20aMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0FrenchFrance0.4521072796934866
                                    RT_STRING0x2a7fac0x1acMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0ItalianItaly0.4532710280373832
                                    RT_STRING0x2a81580x116Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0JapaneseJapan0.6438848920863309
                                    RT_STRING0x2a82700x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanNorth Korea0.796875
                                    RT_STRING0x2a82700x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanSouth Korea0.796875
                                    RT_STRING0x2a83700xe0Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0ChineseChina0.6696428571428571
                                    RT_STRING0x2a84500x1a8Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 00.5070754716981132
                                    RT_STRING0x2a85f80x56Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0ChineseTaiwan0.5348837209302325
                                    RT_STRING0x2a86500x110Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0GermanGermany0.41544117647058826
                                    RT_STRING0x2a87600xcaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0EnglishUnited States0.45544554455445546
                                    RT_STRING0x2a882c0x106Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0FrenchFrance0.44274809160305345
                                    RT_STRING0x2a89340xfaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0ItalianItaly0.384
                                    RT_STRING0x2a8a300x8eMatlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0JapaneseJapan0.5
                                    RT_STRING0x2a8ac00x7cdataKoreanNorth Korea0.6290322580645161
                                    RT_STRING0x2a8ac00x7cdataKoreanSouth Korea0.6290322580645161
                                    RT_STRING0x2a8b3c0x5cMatlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0ChineseChina0.4891304347826087
                                    RT_STRING0x2a8b980x138Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 00.4166666666666667
                                    RT_STRING0x2a8cd00x52dataChineseTaiwan0.8536585365853658
                                    RT_STRING0x2a8d240xaadataGermanGermany0.6
                                    RT_STRING0x2a8dd00x98dataEnglishUnited States0.6052631578947368
                                    RT_STRING0x2a8e680xd6dataFrenchFrance0.5373831775700935
                                    RT_STRING0x2a8f400xaadataItalianItaly0.5764705882352941
                                    RT_STRING0x2a8fec0x70dataJapaneseJapan0.7857142857142857
                                    RT_STRING0x2a905c0x58dataKoreanNorth Korea0.8977272727272727
                                    RT_STRING0x2a905c0x58dataKoreanSouth Korea0.8977272727272727
                                    RT_STRING0x2a90b40x52dataChineseChina0.8048780487804879
                                    RT_STRING0x2a91080xc8data0.54
                                    RT_ACCELERATOR0x2a91d00x80dataEnglishUnited States0.6875
                                    RT_GROUP_CURSOR0x2a92500x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                    RT_GROUP_CURSOR0x2a92740x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0
                                    RT_GROUP_CURSOR0x2a92980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                    RT_GROUP_ICON0x2a92ac0x126data0.5544217687074829
                                    RT_GROUP_ICON0x2a93d40x102dataEnglishUnited States0.6046511627906976
                                    RT_GROUP_ICON0x2a94d80xaedataEnglishUnited States0.6206896551724138
                                    RT_GROUP_ICON0x2a95880x84dataEnglishUnited States0.6363636363636364
                                    RT_VERSION0x2a960c0x3c4dataEnglishUnited States0.4221991701244813
                                    RT_DLGINCLUDE0x2a99d00x6dc36PC bitmap, Windows 3.x format, 56615 x 2 x 45, image size 449723, cbSize 449590, bits offset 540.6995462532529638
                                    RT_ANIICON0x3176080xe52ePC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 540.3828532469746037
                                    RT_ANIICON0x325b380xadb5PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 540.3292181069958848
                                    RT_ANIICON0x3308f00xc408PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 540.3397895743663319
                                    RT_ANIICON0x33ccf80x3251cPC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 540.4970597938944631
                                    RT_ANIICON0x36f2140x2d4bfPC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 540.4973832430538712
                                    DLLImport
                                    WSOCK32.dllsetsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
                                    WININET.dllHttpQueryInfoA
                                    CRYPT32.dllCertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
                                    VERSION.dllGetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
                                    WINMM.dllwaveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
                                    KERNEL32.dllGetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
                                    USER32.dllGetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
                                    GDI32.dllGetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
                                    comdlg32.dllGetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
                                    ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
                                    SHELL32.dllDragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
                                    ole32.dllCoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree
                                    Language of compilation systemCountry where language is spokenMap
                                    EnglishUnited States
                                    ChineseTaiwan
                                    GermanGermany
                                    FrenchFrance
                                    ItalianItaly
                                    JapaneseJapan
                                    KoreanNorth Korea
                                    KoreanSouth Korea
                                    ChineseChina
                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2024-12-04T14:51:44.796117+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2217575192.168.2.649739TCP
                                    TimestampSource PortDest PortSource IPDest IP
                                    Dec 4, 2024 14:51:43.381773949 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:43.501950979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:43.502038956 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:43.502393007 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:43.622066975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:44.661050081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:44.676261902 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:44.796117067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.039449930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.049261093 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.169188976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.420698881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.420723915 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.420829058 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.421017885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421070099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421083927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421097994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421114922 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.421130896 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.421758890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421771049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421782970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.421811104 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.429147005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.429208994 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.429233074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.435189962 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.435247898 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.540770054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.540802002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.540914059 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.625010014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.625157118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.625245094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.628930092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.629059076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.629131079 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.637109041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.639645100 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.639750004 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.639811039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.647515059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.647634029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.647713900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.655409098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.655544043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.655616999 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.663343906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.663460970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.664191008 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.671000957 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.671119928 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.671135902 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.678880930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.678934097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.679024935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.686338902 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.686460972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.686588049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.693480968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.693645000 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.693761110 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.700634003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.700730085 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.700809002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.706916094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.708933115 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.816746950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.817019939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.817159891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.819322109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.820240021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.820306063 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.820369959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.825350046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.825479031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.825537920 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.830579042 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.830645084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.830647945 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.835601091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.835705996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.835763931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.840399981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.840514898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.840575933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.845331907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.845437050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.845499992 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.850155115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.850250959 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.850275993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.855006933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.855150938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.855218887 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.859867096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.859968901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.860028982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.864751101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.864938021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.865004063 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.869616032 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.869800091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.869874954 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.874735117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.874835014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.874911070 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.879293919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.879415989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.879493952 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.884166956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.884298086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.884361982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.889054060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.889230967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.889306068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.893913984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.894018888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.894082069 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.898813009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.898912907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.898976088 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.903800011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.903860092 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.903908014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.908524036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.908605099 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.908648968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.913369894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.913450956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.913506031 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.918222904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.918278933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.918369055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.923410892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.923466921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:45.923516989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.927961111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:45.928005934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.016237020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.016300917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.016366959 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.018002987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.018254995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.018318892 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.021653891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.021822929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.021894932 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.025274992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.025410891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.025461912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.029052019 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.029130936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.029185057 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.032609940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.032743931 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.032797098 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.036283016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.036446095 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.036492109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.039920092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.040019989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.040072918 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.043303013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.043425083 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.043462992 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.046729088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.046837091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.046890974 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.050076008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.050219059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.050276995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.053287983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.053430080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.053555012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.056632042 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.056725979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.057046890 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.059830904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.059942961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.060220003 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.063083887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.063222885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.063445091 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.066274881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.066396952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.066611052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.069540024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.069662094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.069930077 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.072931051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.073028088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.073072910 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.075993061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.076080084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.076114893 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.079168081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.079320908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.079356909 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.082360983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.082504988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.082547903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.085644007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.085783005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.085819960 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.088788986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.088958979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.089104891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.092140913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.092232943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.092289925 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.095253944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.095382929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.095421076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.098637104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.098722935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.098798037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.101922989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.102150917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.102190018 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.104948044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.105073929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.105115891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.108273983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.108334064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.108375072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.111596107 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.111727953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.111774921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.114660025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.114749908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.114792109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.117999077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.118067980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.118627071 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.121083975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.121192932 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.121242046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.124313116 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.124427080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.124465942 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.127501965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.127626896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.127660036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.130733013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.177826881 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.183643103 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.216281891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.216491938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.216541052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.217415094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.217526913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.217564106 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.219660044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.220712900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.220799923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.220799923 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.222816944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.222865105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.223002911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.225630045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.225682020 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.225831985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.227478981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.227535009 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.227593899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.229734898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.229846001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.229856014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.231941938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.231991053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.232064009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.234373093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.234412909 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.234611988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.236896038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.236946106 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.237118959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.238740921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.238789082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.238835096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.240590096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.240632057 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.240778923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.242731094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.242780924 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.242836952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.244899988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.244946003 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.244976997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.246972084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.247018099 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.247092009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.249010086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.249061108 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.249126911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.251161098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.251204967 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.251323938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.253196001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.253230095 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.253336906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.255091906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.255127907 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.255186081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.256913900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.256978035 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.257093906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.257137060 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.257195950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.259068012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.259105921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.259258986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.261153936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.261224031 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.261251926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.263102055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.263134956 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.263238907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.265139103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.265173912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.265281916 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.267134905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.267173052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.267241955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.269258976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.269294977 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.269454956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.271157026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.271190882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.271290064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.273091078 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.273130894 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.273175955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.273216009 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.273279905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.275194883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.275233984 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.275342941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.277175903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.277216911 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.277331114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.278436899 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.278461933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.279273987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.279319048 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.279536009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.281305075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.281347990 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.281497002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.283227921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.283272982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.283409119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.283709049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.285393000 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.285439968 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.285576105 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.287291050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.287329912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.287348986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.289256096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.289295912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.289468050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.291253090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.291306019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.291354895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.293248892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.293292046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.293368101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.295238018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.295290947 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.295407057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.297293901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.297331095 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.297405005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.299309969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.299357891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.299468994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.301326990 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.301363945 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.301403046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.303277016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.303319931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.303379059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.305248022 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.305294037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.305361986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.307274103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.307322979 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.307385921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.309293032 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.309325933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.309426069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.311306953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.311346054 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.311412096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.313290119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.313324928 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.313574076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.315319061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.315356970 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.315422058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.317327976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.317368031 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.317480087 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.319335938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.319385052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.319448948 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.321345091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.321383953 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.321497917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.323271036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.323307991 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.408241034 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.408283949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.408327103 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.408962011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.409095049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.409132957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.410533905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.410741091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.410784960 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.412185907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.412303925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.412342072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.413693905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.413836002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.413872957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.415240049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.415370941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.415410995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.416847944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.416995049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.417028904 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.418277979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.418442011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.418479919 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.419750929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.419920921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.419959068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.421231985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.421396971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.421433926 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.422736883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.422854900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.422890902 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.424165964 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.424290895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.424344063 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.425575972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.425764084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.426037073 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.427015066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.427187920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.427223921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.428556919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.428652048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.428688049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.429831982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.429927111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.429960966 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.431557894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.431807995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.431845903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.432600021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.432749987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.432789087 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.433912992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.434057951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.434102058 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.435307980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.435441017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.435480118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.436683893 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.436830044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.436885118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.437944889 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.438110113 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.438154936 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.439270973 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.439413071 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.439465046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.440655947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.440768003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.440813065 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.441896915 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.442049026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.442082882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.443188906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.443345070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.443403006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.444534063 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.444715977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.444751024 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.445770979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.445923090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.445966959 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.447243929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.447364092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.447397947 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.448517084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.448689938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.448745012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.449845076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.449985027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.450026989 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.450972080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.451075077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.451117039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.452188015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.452305079 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.452349901 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.453423023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.453564882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.453607082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.454711914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.454832077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.454871893 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.455925941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.456070900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.456110954 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.457227945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.457387924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.457433939 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.458492994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.458632946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.458686113 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.459774971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.459986925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.460031033 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.461150885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.461361885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.461405039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.462344885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.462552071 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.462595940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.463603973 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.463722944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.463803053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.464956045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.465054035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.465090990 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.466201067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.466347933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.466398001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.467386007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.467538118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.467581034 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.468677998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.468835115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.468875885 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.469996929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.470191002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.470232964 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.471237898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.471366882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.471407890 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.472476006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.472651005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.472692966 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.473849058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.473992109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.474036932 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.475008965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.475227118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.475272894 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.476341009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.476515055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.476562977 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.477577925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.477715969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.477756023 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.478790045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.568538904 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.600513935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.600605965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.600660086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.600996017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.601269960 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.601308107 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.602226019 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.602442026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.602473974 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.603210926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.603282928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.603322983 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.603929043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.604104996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.604140997 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.604983091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.605134010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.605178118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.606044054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.606168032 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.606208086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.607016087 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.607156992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.607196093 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.608064890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.608242989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.608280897 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.609118938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.609297037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.609334946 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.610173941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.610343933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.610378981 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.611110926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.611237049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.611287117 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.612154007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.612272024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.612313986 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.613140106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.613267899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.613307953 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.614257097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.614449024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.614487886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.615192890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.615335941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.615391970 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.616198063 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.616416931 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.616466045 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.617212057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.617358923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.617425919 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.618325949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.618407965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.618444920 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.619246006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.619467974 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.619528055 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.620237112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.620378971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.620419979 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.622288942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.622448921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.622462988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.622488022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.622940063 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.622980118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.623450041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.623590946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.623625040 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.624330044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.624464989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.624500036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.625385046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.625557899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.625592947 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.626380920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.626523018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.626560926 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.627402067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.627543926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.627580881 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.628422976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.628586054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.628624916 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.629463911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.629585028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.629626036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.630476952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.630722046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.630757093 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.631479979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.631643057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.631680965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.632522106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.632658958 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.632694960 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.633524895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.633650064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.633686066 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.634527922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.634669065 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.634707928 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.635555029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.635680914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.635718107 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.636595964 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.636704922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.636739969 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.637597084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.637749910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.637785912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.638603926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.638745070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.638803005 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.639625072 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.639782906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.639823914 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.640683889 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.640844107 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.640882969 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.641694069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.641870975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.641901016 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.642702103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.642839909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.642874002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.643716097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.643867970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.643903971 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.644735098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.644901991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.644933939 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.645764112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.645915985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.645945072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.646981001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.647080898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.647119045 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.647852898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.647977114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.648013115 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.648802996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.648973942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.649013042 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.649847031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.650197029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.650230885 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.650876999 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.651000977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.651038885 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.651890039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.652044058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.652075052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.652904034 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.653028011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.653062105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.653871059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.666706085 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.666742086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.792743921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.792803049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.792882919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.793128967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.793142080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.793163061 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.793996096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.794039965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.794118881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.795119047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.795175076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.795535088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.796084881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.796123028 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.796210051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.797311068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.797363043 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.797430992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.798305035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.798346996 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.798403978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.799140930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.799177885 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.799272060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.800107956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.800144911 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.800220966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.801079035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.801120043 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.801266909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.802170038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.802206993 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.802268028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.803240061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.803301096 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.803323984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.804168940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.804208040 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.804280043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.805263996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.805301905 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.805339098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.806200027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.806236982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.806335926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.807210922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.807252884 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.807338953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.808211088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.808250904 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.808339119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.809252977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.809293985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.809370041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.810255051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.810297012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.810375929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.811392069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.811436892 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.811496973 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.812392950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.812433004 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.812508106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.813354969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.813395977 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.813582897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.814379930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.814415932 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.814466953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.815373898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.815414906 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.815538883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.816392899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.816432953 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.816498041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.817430019 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.817471027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.817550898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.818437099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.818487883 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.818650961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.819463968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.819510937 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.819569111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.820498943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.820545912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.820658922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.821585894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.821628094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.821793079 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.822515011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.822556019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.822632074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.823545933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.823584080 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.823693037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.824596882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.824636936 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.824671030 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.825544119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.825583935 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.825689077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.826591015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.826648951 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.826715946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.827586889 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.827626944 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.827744007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.828615904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.828660965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.828739882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.829684019 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.829725027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.829740047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.830688000 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.830729008 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.830765963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.831641912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.831681013 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.831907034 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.832694054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.832762957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.832827091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.833703041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.833744049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.833823919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.834741116 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.834781885 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.834834099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.835772991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.835813046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.835894108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.836855888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.836894989 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.837136984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.837892056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.837934971 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.838001966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.838803053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.838841915 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.838937044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.839834929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.839874983 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.839951038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.840850115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.840887070 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.840980053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.841885090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.841927052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.841985941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.842953920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.842991114 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.843036890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.843921900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.843960047 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.844063997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.844923973 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.844966888 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.845051050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.845940113 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.845978022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.984247923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.984406948 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.984453917 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.984687090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.984976053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.985023022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.985168934 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.985977888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.986020088 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.986112118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.986944914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.986985922 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.987087011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.988044024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.988082886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.988215923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.988970041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.989011049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.989110947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.990024090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.990070105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.990195990 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.991056919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.991117001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.991162062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.992094040 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.992130041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.992199898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.993100882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.993135929 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.993243933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.994102955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.994139910 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.994277000 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.995131969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.995176077 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.995250940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.996129036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.996184111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.996309996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.997220039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.997256994 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.997406006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.998308897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.998351097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.998572111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.999582052 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:46.999620914 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:46.999753952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.000593901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.000631094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.000746965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.001576900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.001619101 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.001713037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.002567053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.002609015 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.002808094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.003581047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.003618002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.003715038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.004420996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.004462004 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.004514933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.005363941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.005408049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.005497932 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.006336927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.006375074 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.006529093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.007453918 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.007492065 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.007632017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.008357048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.008394003 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.008475065 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.009396076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.009438038 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.009510994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.010426044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.010466099 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.010545015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.011466980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.011512041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.011578083 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.012447119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.012482882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.012654066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.013478041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.013520002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.013641119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.014564037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.014621973 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.014676094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.015542984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.015579939 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.015702009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.016536951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.016580105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.016928911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.017590046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.017630100 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.017695904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.018646955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.018682957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.018815041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.019623041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.019664049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.019748926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.021008968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.021044970 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.021250963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.022313118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.022357941 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.022433996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.023596048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.023628950 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.023740053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.024707079 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.024821997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.024852037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.025768042 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.025806904 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.025929928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.026763916 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.026808977 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.027084112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.027844906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.027882099 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.027947903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.029027939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.029067993 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.029128075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.029939890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.029978037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.030047894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.030900955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.030941010 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.031035900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.032043934 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.032104969 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.032155037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.032840967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.032885075 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.032921076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.033607960 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.033653021 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.033694983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.034328938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.034368038 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.034430027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.035234928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.035283089 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.035403013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.036091089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.036130905 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.036192894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.036968946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.037009001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.037132025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.176579952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.176793098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.176826954 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.177015066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.177037001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.177059889 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.177952051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.178070068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.179641962 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.190217018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.190280914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.190294981 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.190582037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.190593004 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191176891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191186905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191199064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191200972 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.191240072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.191240072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.191829920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191840887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191852093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.191992044 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.192651033 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.192663908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.192675114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.192725897 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.192725897 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.193487883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.193500042 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.193511009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.193521976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.193547010 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.193609953 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.194297075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.194340944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.194351912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.194386959 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.195178986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.195189953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.195200920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.195225954 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.195384979 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.195995092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196022987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196033955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196453094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.196861982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196873903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196883917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196894884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.196902037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.196918964 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.197689056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.197700977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.197710991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.197757006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.198507071 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.198518991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.198529005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.198550940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.199100971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.199117899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.199178934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.199605942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.199616909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.199647903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.200093031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.200104952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.200191975 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.200740099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.200790882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.201045036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.201605082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.201781988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.201806068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.202969074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.203120947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.203572035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.203599930 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.203655958 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.203669071 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.204446077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.204602957 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.204662085 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.205538988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.205671072 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.205694914 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.206523895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.206646919 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.206646919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.207561016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.207765102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.207930088 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.209106922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.209124088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.209255934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.209594011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.209639072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.209831953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.210695982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.210822105 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.211225033 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.211604118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.211739063 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.211745977 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.212635994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.212774038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.212858915 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.213679075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.213720083 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.213810921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.214689970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.214796066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.214865923 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.215764999 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.215811968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.215900898 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.216758013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.216856956 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.216923952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.217773914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.217840910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.217864990 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.218745947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.218888998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.218911886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.219759941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.219880104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.219927073 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.220777988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.220916986 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.220918894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.221811056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.221883059 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.221934080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.222835064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.222959995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.223501921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.223830938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.223958015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.223978996 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.224931955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.225105047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.225126982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.225929022 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.226027966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.226051092 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.226910114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.227031946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.227055073 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.227993011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.228094101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.228553057 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.228949070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.229032040 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.229084015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.230025053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.230822086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.390497923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.390526056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.390635967 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.390651941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.390825987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.391531944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.391695023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.391724110 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.392457962 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.392633915 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.392668962 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.392966032 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.393548965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.393765926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.393996000 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.394670010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.394815922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.394920111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.395706892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.395855904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.396909952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.397034883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.397063971 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.397352934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.397891998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.398034096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.398113966 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.399211884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.399276972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.399363995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.400042057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.400146008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.400288105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.400880098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.401005030 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.401716948 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.401810884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.401837111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.402587891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.402616978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.402738094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.403501034 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.403598070 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.403626919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.403707027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.404436111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.404525995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.404623985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.405328989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.405446053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.405581951 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.406244040 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.406379938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.406964064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.406994104 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.407099009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.407870054 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.407942057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.408149958 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.408262968 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.409040928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.409287930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.409600019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.410016060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.410173893 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.410629988 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.411031961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.411154032 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.411422968 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.412108898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.412259102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.413115025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.413263083 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.413288116 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.414120913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.414197922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.414230108 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.414652109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.415194035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.415369987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.416098118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.416243076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.416275978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.416594982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.417217970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.417311907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.417586088 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.418143988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.418283939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.418768883 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.419936895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.419950962 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.420218945 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.420238018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.420416117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.421300888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.421436071 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.421736002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.421736002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.422235012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.422357082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.422552109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.423274040 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.423418999 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.423501015 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.424320936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.424418926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.425474882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.425637007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.425669909 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.426265001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.426656008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.426748991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.426867962 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.427717924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.427881002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.428787947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.428926945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.428956985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.429155111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.429981947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.430140972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.430569887 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.430953979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.431088924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.431370974 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.431931973 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.432080984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.432239056 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.432807922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.433036089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.433644056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.433680058 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.433753967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.434544086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.434581995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.434634924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.435477018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.435503960 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.435596943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.436515093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.436614037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.436630011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.436681986 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.437557936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.437912941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.438085079 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.438571930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.438730001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.438779116 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.439594030 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.439743042 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.439917088 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.442416906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.442491055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.442502022 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.442514896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.442555904 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.442612886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.442823887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.568445921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.581516981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.581645012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.581758976 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.581818104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.582016945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.582062006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.582843065 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.583004951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.583122015 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.583884954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.583992958 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.584585905 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.584774971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.584995031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.585813046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.585860014 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.585949898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.586260080 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.586832047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.586997986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.587088108 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.587894917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.588056087 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.588721037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.588921070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.589027882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.589282036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.589880943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.590044022 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.590153933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.590912104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.591041088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.591356993 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.591922045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.592097998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.592469931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.592936993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.593054056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.593151093 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.593991995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.594182968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.595015049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.595038891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.595180988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.595277071 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.596060991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.596183062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.596415043 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.597043037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.597204924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.597950935 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.598035097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.598253965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.598834038 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.599086046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.599231005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.599486113 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.600094080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.600234985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.600395918 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.601114035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.601255894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.602135897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.602284908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.602303982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.603100061 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.603158951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.603347063 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.603590012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.604155064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.604361057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.604451895 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.605199099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.605412006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.605501890 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.606224060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.606359959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.606630087 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.607352972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.607474089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.608258963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.608392000 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.608408928 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.609277010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.609455109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.609473944 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.610306025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.610460043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.610481024 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.611330032 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.611352921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.611498117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.612448931 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.612468958 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.612565994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.613377094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.613399029 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.613549948 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.614377975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.614398956 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.614634991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.615447044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.615454912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.615576982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.615698099 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.616421938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.616540909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.616689920 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.617475986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.617599964 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.617686987 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.618603945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.618671894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.618896008 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.619477034 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.619606018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.619760990 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.620608091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.621570110 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.621583939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.621608973 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.621845961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.622093916 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.622558117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.622710943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.623081923 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.623538971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.623719931 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.624051094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.624572992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.624757051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.625243902 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.625583887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.625732899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.625888109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.626636028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.626766920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.626842976 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.627631903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.627784014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.628648043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.628652096 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.628774881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.629803896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.629874945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.629895926 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.630004883 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.630712986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.630830050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.631077051 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.631700039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.631843090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.631911039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.632716894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.632877111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.633008003 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.633747101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.633888960 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.634105921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.634706020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.677844048 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.773119926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.773220062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.773406029 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.773561954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.773818970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.773931026 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.773940086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.774810076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.774876118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.774913073 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.775773048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.775903940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.775960922 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.776807070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.776961088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.776988029 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.777827978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.777875900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.778006077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.778846025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.778970003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.779618025 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.779867887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.779992104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.780010939 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.780833006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.780985117 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.781037092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.781964064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.782038927 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.782058954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.783051968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.783232927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.783926010 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.783960104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.784157038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.784265041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.784945011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.785038948 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.785068989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.785959959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.786092997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.786225080 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.787014961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.787107944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.787894964 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.788017035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.788120985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.788141966 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.789005041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.789146900 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.789194107 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.790038109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.790178061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.790368080 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.791047096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.791105032 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.791172981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.792184114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.792311907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.792893887 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.793092966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.793226957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.793252945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.794131994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.794336081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.794430017 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.795094967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.795152903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.795260906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.796443939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.796550989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.796574116 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.797349930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.797478914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.797498941 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.798182964 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.798311949 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.798374891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.799393892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.799496889 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.799511909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.800363064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.800496101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.800518036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.801251888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.801438093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.801470995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.802403927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.802489996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.802604914 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.803288937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.803405046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.803436041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.804313898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.804374933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.804442883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.805345058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.805453062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.805504084 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.806462049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.806569099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.806591034 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.807403088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.807558060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.807698965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.808362961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.808418036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.808660984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.809432983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.809629917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.810240984 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.810556889 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.810622931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.810678959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.811594009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.811708927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.811790943 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.812537909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.812648058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.812649012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.813628912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.813798904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.813915968 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.814618111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.814748049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.814883947 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.815655947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.815756083 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.815805912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.816641092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.816768885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.816817999 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.817610979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.817662001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.817853928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.818833113 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.818938017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.819026947 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.819823027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.819928885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.819948912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.820954084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.820993900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.821053982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.822412968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.822782040 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.822805882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.823442936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.823715925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.823738098 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.824623108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.824836016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.824975014 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.825826883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.826005936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.826024055 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.826977015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.827188969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.828026056 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.967372894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.967467070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.967916012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.968105078 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.968137980 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.968492985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.968899012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.969018936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.969759941 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.969880104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.970055103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.970109940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.970952988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.971148014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.971884012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.972007036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.972021103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.972095013 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.972909927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.973040104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.973107100 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.974025011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.974133015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.974180937 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.974965096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.975087881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.975138903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.976133108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.976363897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.976412058 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.977087975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.977412939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.977490902 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.978605986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.978663921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.978708029 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.979284048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.979427099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.979468107 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.980125904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.980370045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.980411053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.981087923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.981220007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.981261015 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.982244015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.982316017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.982357025 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.983114958 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.983230114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.983277082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.984124899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.984256029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.984313965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.985157967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.985306025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.985348940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.986206055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.986301899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.986342907 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.987190008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.987334967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.987376928 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.988204956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.988338947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.988383055 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.989276886 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.989398003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.989455938 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.990246058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.990369081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.990627050 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.991251945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.991494894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.991538048 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.992377043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.992563963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.992605925 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.993343115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.993570089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.993649006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.994353056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.994474888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.994518995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.995358944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.995522022 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.995565891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.996392965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.996507883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.996547937 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.997443914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.997596979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.997637987 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.998390913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.998547077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.998588085 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:47.999423027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.999596119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:47.999636889 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.000466108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.000608921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.000647068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.001570940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.001710892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.001751900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.002490997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.002620935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.002660990 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.003488064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.003674984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.003720999 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.004566908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.004648924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.004688025 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.005651951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.005851984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.006022930 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.006858110 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.007035971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.007086039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.007985115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.008193016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.008243084 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.008949041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.009052992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.009100914 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.009932995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.009978056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.010025978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.010886908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.011034012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.011080980 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.012027979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.012115002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.012187004 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.012948990 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.013107061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.013153076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.013828993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.013967991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.014009953 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.014787912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.014904022 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.014944077 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.015773058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.015959024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.016004086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.016860008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.017227888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.017275095 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.017968893 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.018138885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.018181086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.019222975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.019378901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.019426107 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.020044088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.020239115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.020284891 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.020951986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.068541050 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.106940985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.106940985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.159231901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.159384012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.159477949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.159499884 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.159898043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.159953117 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.160705090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.160923004 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.161390066 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.161638021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.161889076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.161937952 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.162786961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.163000107 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.163044930 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.163816929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.164139986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.164901018 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.165005922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.165127039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.165175915 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.166088104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.166659117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.166829109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.167170048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.167377949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.167423010 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.168243885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.169183016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.169198036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.169236898 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.169369936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.169425011 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.169897079 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.170008898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.170051098 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.170695066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.170881987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.170932055 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.171701908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.171890020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.171956062 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.172760010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.173742056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.173754930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.173804998 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.174047947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.174093008 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.174760103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.175807953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.175821066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.175865889 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.176017046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.176063061 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.176846981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.176860094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.176903963 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.177886009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.178019047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.178070068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.178872108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.178884983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.178935051 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.179850101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.180548906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.180608034 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.180905104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.181696892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.181747913 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.181886911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.181900024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.181936026 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.182899952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.183537006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.183583975 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.183866978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.184029102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.184078932 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.184957027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.185347080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.185400009 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.186034918 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.186703920 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.186745882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.187025070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.187174082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.187402964 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.188136101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.188148975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.188196898 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.189127922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.189141989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.189179897 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.190433025 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.190638065 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.190715075 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.191540003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.191718102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.191756010 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.192534924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.193101883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.193152905 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.193519115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.193769932 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.193824053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.194494963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.194721937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.194793940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.195386887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.195522070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.195559025 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.196141958 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.196319103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.196351051 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.197278976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.197290897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.197330952 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.198163033 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.198741913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.198786020 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.199328899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.199342012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.199388981 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.200778961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.200792074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.200830936 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.201406956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.201802969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.201848030 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.202267885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.203304052 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.203325033 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.203375101 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.203521967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.203562021 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.204303980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.205369949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.205384970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.205420971 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.205595016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.206341028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.206386089 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.206897974 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.206984043 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.207401991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.207415104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.207452059 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.208455086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.208585978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.208622932 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.209399939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.209713936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.209762096 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.210504055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.211582899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.211599112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.211627007 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.211792946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.211879015 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.212491989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.380942106 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474677086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474699020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474710941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474723101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474734068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474745989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474756002 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474766970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474777937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474783897 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474788904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474801064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474812984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474822998 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474823952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474836111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474845886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474848986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474860907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474873066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474885941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474886894 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474898100 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474906921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474910021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474921942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474925041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474934101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474944115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474950075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474956036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474960089 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.474961996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474967957 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474978924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.474989891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475001097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475012064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475017071 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475023031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475033998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475049019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475054026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475064993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475068092 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475078106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475089073 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475099087 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475110054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475111008 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475127935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475137949 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475138903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475151062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475157976 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475162029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475172997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475183010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475191116 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475195885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475207090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475214005 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475219011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475230932 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475243092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475244999 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475254059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475260973 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475267887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475281000 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475285053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475296021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475303888 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475326061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475331068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475337029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475347996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475358963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475369930 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475373030 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475380898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475389004 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475392103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475403070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475413084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475414038 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475424051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475433111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475435972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475446939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475457907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475464106 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475470066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475481987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475490093 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475492001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475503922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475505114 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475514889 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475526094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475533009 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475537062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475548983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475553036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475558996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475564957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475570917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475581884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475594044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475599051 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475605011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475617886 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475622892 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475627899 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475640059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475641012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475651026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475661993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475666046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475673914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475686073 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475689888 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475696087 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475708008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475712061 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475718021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475729942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475733042 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475740910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475752115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475756884 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475764036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475771904 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475775003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475785971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475795984 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475796938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475807905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475814104 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475817919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475830078 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475850105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475856066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475867033 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475868940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475878954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475891113 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475898027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475902081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475917101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475924015 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.475944042 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.475986958 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.491400003 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.506472111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.544390917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.544500113 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.544559956 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.544692993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.544853926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.544897079 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.545486927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.545871019 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.546041012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.546088934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.546897888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.547235966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.547288895 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.547956944 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.547969103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.548019886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.549010038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.549021959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.549073935 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.549952984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.550061941 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.550971985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.550986052 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.551063061 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.551279068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.552064896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.552077055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.552123070 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.553010941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.553824902 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.553878069 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.554148912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.554188967 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.554503918 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.555073977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.555085897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.555123091 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.556058884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.556107998 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.556277037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.557066917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.557297945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.557342052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.558175087 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.558330059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.558379889 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.559215069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.559596062 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.559652090 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.560159922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.560549974 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.560600042 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.561201096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.561249971 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.561453104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.562190056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.562242985 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.562583923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.563376904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.563484907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.563533068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.564311028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.564414024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.564501047 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.565212011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.565404892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.565481901 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.566278934 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.566318035 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.566433907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.567290068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.567445993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.567511082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.568325043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.568507910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.568598986 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.569535017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.569580078 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.569711924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.570369959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.570414066 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.570538044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.571433067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.571532965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.571583033 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.572402954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.573072910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.573126078 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.573715925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.573751926 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.573920965 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.574439049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.574476957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.574610949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.575452089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.575490952 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.575664043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.576697111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.576829910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.576873064 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.577502966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.577668905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.577708960 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.578537941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.578572989 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.578705072 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.579741001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.579782963 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.579787970 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.580543995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.581337929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.581393003 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.581638098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.581825972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.581871986 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.582601070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.582658052 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.582777023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.583631039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.583676100 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.583818913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.584641933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.584691048 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.584954023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.585721970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.585804939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.585828066 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.586642981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.586905956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.586950064 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.587682962 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.587862015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.587908030 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.588681936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.588728905 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.588839054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.589755058 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.589797974 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.589914083 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.590754032 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.590934992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.590975046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.591758966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.591900110 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.591938019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.592751026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.592787027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.592905045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.593842983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.593928099 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.593977928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.594822884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.594934940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.595030069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.596295118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.596458912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.596510887 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.596868992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.597107887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.597157955 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.736479998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.736632109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.736757994 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.736874104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.737243891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.737284899 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.737658978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.737826109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.738331079 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.738373041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.738799095 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.739278078 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.739290953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.739331961 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.739331961 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.739931107 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.740819931 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.740833998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.740865946 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.741035938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.741477966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.741516113 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.741729975 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.741885900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.742193937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.742546082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.742646933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.743012905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.743666887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.743705034 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.743794918 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.744160891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.744199991 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.744648933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.744935036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.745471954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.745511055 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.745656013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.746279955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.746323109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.747173071 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.747189045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.747230053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.747427940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.747463942 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.747980118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.747992992 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.748027086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.748780012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.749212027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.749252081 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.749568939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.749746084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.750370979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.750411987 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.750577927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.750660896 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.751262903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.751276016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.751317978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.752046108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.752294064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.752329111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.752875090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.753216982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.753272057 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.753649950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.754007101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.754462957 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.754506111 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.754707098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.755280018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.755321980 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.755450964 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.755485058 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.756098986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.757014036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.757025957 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.757049084 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.757355928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.758075953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.758111954 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.758464098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.758647919 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.758672953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.758686066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.758719921 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.759352922 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.759547949 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.759583950 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.760216951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.760231018 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.760272980 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.760977983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.761714935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.761882067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.761893988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.761918068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.761946917 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.762746096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.763521910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.763534069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.763564110 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.763716936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.764338017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.764358044 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.764379978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.764406919 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.765069008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.765783072 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.765821934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.765988111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.766302109 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.766341925 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.766845942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.767102957 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.767136097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.767615080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.768084049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.768373966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.768402100 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.768430948 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.768454075 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.769195080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.769485950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.769524097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.769994020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.770328999 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.770366907 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.770837069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.770848989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.770886898 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.771598101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.771904945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.772427082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.772468090 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.773053885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.773282051 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.773296118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.773315907 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.773334980 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.774072886 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.774255037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.774287939 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.774919987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.775752068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.775765896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.775789022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.776019096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.776545048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.776559114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.776583910 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.776608944 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.777332067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.777510881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.777549982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.778161049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.778974056 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.779021978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.779083014 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.929097891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.929342985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.929369926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.929394007 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.929660082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.929708958 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.930268049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.930366993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.930402994 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.930787086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.930937052 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.931111097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.931575060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.931590080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.931651115 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.932190895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.932343960 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.932377100 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.932883978 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.933566093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.933578968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.933602095 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.933770895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.933851957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.934248924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.934401989 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.934602022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.934947968 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.935398102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.935436964 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.935698986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.935712099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.935748100 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.936450005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.936461926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.936499119 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.937191010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.937205076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.937237978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.937948942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.938129902 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.938168049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.938819885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.938978910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.939014912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.940237999 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.940905094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.940952063 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.940973997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.941296101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.941332102 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.941625118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.941637039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.941674948 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.942255020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.942642927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.942699909 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.942945004 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.942959070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.943007946 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.943697929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.944027901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.944081068 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.944540977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.944823980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.944869041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.945518017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.946301937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.946348906 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.946592093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.946829081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.946865082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.947443008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.947727919 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.947772980 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.948393106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.948406935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.948632002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.949218035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.949682951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.949817896 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.950072050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.950459003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.950617075 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.950644016 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.950813055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.950855970 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.951375961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.951853991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.951901913 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.952049971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.952061892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.952095032 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.952795029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.952953100 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.952994108 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.953509092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.953521013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.953556061 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.954317093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.954634905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.955435038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.955488920 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.955795050 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.956129074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.956144094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.956171036 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.956196070 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.956768036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.956984997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.957653046 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.957703114 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.958053112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.958384037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.958432913 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.958832026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.959256887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.959264994 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.959269047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.959304094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.960135937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.960148096 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.960186958 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.960830927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.961472988 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.961538076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.961707115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.961719036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.961771965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.962481976 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.962778091 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.963355064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.963367939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.963403940 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.963438988 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.964190006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.964201927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.964238882 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.964989901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.965662956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.965708017 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.965857983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.965869904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.965900898 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.966592073 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.967381954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.967394114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.967432022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.967675924 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.968193054 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.968239069 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.968610048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.968655109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.969127893 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.969141006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.969178915 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.969825029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.969994068 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:48.970035076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:48.970683098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.018467903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.119973898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.120111942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.120167017 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.120467901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.120821953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.120865107 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.120963097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.121316910 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.121404886 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.121773005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.121932030 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.122000933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.122575045 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.122793913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.123387098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.123444080 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.123541117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.124226093 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.124278069 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.124447107 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.124505997 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.125185966 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.125317097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.125353098 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.125842094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.126053095 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.126285076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.126662970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.126902103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.126940966 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.127430916 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.127624035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.127659082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.128268003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.128544092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.128592968 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.129096031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.129342079 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.129383087 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.129920959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.130140066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.130184889 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.130700111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.130888939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.130959034 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.131596088 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.131922007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.132335901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.132381916 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.132551908 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.133157969 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.133200884 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.133310080 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.133981943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.133990049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.134151936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.134192944 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.134794950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.134973049 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.135010958 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.135598898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.135807037 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.135936975 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.136616945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.136782885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.136816978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.137280941 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.137586117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.137636900 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.138125896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.138367891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.138653994 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.139014959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.139111996 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.139873028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.139913082 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.140050888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.140667915 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.140705109 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.140870094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.140906096 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.141397953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.141653061 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.141690969 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.142159939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.142330885 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.142364979 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.143153906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.143345118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.143385887 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.143915892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.144089937 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.144124031 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.144640923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.144779921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.144814014 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.145687103 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.145842075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.146260023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.146301031 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.146550894 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.146644115 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.147097111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.147257090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.147290945 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.147893906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.148083925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.148117065 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.148695946 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.148881912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.149508953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.149549961 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.149687052 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.150352001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.150387049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.150530100 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.150563955 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.151180983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.151355028 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.151983023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.152019978 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.152264118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.152815104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.152873039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.153026104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.153062105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.153604031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.153829098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.153861046 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.154448986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.154604912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.154642105 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.155267954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.155450106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.156265020 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.156285048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.156306028 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.156328917 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.156867981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.157072067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.157114029 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.157713890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.157891035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.157927990 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.158516884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.158701897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.159322023 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.159363031 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.159473896 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.159512997 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.160109043 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.160360098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.160922050 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.160979986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.161191940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.161802053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.161832094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.161983013 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.162022114 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.162659883 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.312058926 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.312222004 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.312345982 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.312428951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.312633038 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.312685013 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.313210011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.313363075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.313417912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.314050913 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.314109087 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.314208031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.314915895 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.315052986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.315105915 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.315695047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.315838099 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.315892935 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.316462040 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.316526890 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.316657066 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.317291021 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.317342997 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.317435980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.318105936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.318154097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.318285942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.318974972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.319147110 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.319201946 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.319731951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.319869041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.319911957 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.320545912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.320590973 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.320755005 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.321376085 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.321425915 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.321501017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.322195053 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.322273970 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.322331905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.323009014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.323153973 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.323208094 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.323846102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.323988914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.324063063 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.324656010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.324709892 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.324770927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.325450897 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.325498104 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.325773954 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.326278925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.326325893 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.326411009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.327119112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.327308893 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.327358007 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.327976942 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.328247070 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.328299999 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.328849077 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.328902006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.329061985 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.329588890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.329633951 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.329715014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.330364943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.330410004 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.330495119 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.331258059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.331434011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.331484079 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.332000017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.332134962 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.332179070 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.332870960 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.332921028 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.332993031 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.333659887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.333709002 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.333796024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.334506035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.334582090 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.334640980 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.335288048 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.335342884 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.335417986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.336103916 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.336163998 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.336237907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.336893082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.336949110 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.337039948 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.337747097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.337970972 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.338022947 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.338572979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.338655949 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.338783026 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.339365959 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.339416027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.339509010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.340199947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.340248108 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.340328932 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.341025114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.341201067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.341252089 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.341823101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.341975927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.342024088 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.342665911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.342811108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.342854977 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.343480110 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.343530893 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.343616009 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.344377041 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.344424009 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.344507933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.345101118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.345169067 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.345205069 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.346056938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.346225977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.346287012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.347007990 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.347178936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.347233057 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.347640991 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.347687006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.347965956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.348359108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.348404884 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.348490953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.349281073 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.349328041 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.349354982 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.350075960 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.350179911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.350228071 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.350868940 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.351044893 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.351093054 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.351656914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.351701975 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.351771116 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.352443933 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.352495909 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.352570057 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.353271008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.353322983 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.353456974 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.354082108 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.354125023 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.354286909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.354851961 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.358700037 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.514659882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.514683008 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.514743090 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.514902115 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.515120983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.515481949 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.515717983 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.515983105 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.516030073 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.516616106 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.516721964 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.516902924 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.517357111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.517463923 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.517543077 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.518156052 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.518318892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.518362999 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.518992901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.519125938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.519175053 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.519814014 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.519968987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.520018101 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.520637035 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.520800114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.520840883 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.521461010 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.521697998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.521883965 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.522247076 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.522404909 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.522455931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.523073912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.523279905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.523333073 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.523966074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.524065971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.524152040 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.524730921 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.524884939 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.524996996 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.525561094 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.525684118 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.525731087 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.526321888 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.526473999 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.526655912 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.527283907 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.527507067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.527554035 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.527975082 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.528285027 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.528326988 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.528826952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.529000998 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.529066086 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.529791117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.529920101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.529969931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.530798912 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.530905962 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.530947924 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.531408072 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.531562090 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.531622887 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.532146931 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.532533884 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.532578945 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.532982111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.533061981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.533108950 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.533772945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.533905029 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.534111023 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.534790039 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.534887075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.534925938 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.535634995 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.535836935 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.535876989 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.536528111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.536719084 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.536767006 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.537586927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.537684917 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.537811995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.538367987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.538496971 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.538561106 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.539366007 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.539546967 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.539602995 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.540438890 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.540668011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.540713072 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.541379929 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.541482925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.541526079 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.542299986 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.542385101 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.542434931 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.543186903 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.543390036 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.543435097 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.543814898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.543884993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.543926001 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.544691086 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.544733047 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.544827938 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.545399904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.545501947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.545550108 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.546119928 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.546199083 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.546257019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.546849012 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.547050953 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.547235012 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.547585011 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.547703981 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.547754049 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.548260927 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.548397064 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.548480034 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.548964024 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.549088001 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.549124956 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.549658060 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.549753904 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.549803019 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.550355911 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.550451994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.550498009 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.551173925 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.551284075 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.551337004 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.551898956 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.551980019 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.552033901 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.552575111 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.552658081 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.552953959 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.553296089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.553425074 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.553474903 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.554183006 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.554306984 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.554467916 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.554981947 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.555120945 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.555166960 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.555746078 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.555887938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.556024075 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.556562901 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.556696892 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.556742907 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.557357073 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.706553936 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.706617117 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.706805944 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.706859112 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.707158089 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.707211018 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.707693100 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.707849979 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.707916021 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.708537102 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.708601952 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.708659887 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.709374905 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.709427118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.709462881 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.710160017 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.710211039 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.710340977 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.711242914 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.711383104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.711430073 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.711980104 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.712057114 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.712101936 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.712603092 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.712652922 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.712734938 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.713427067 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.713552952 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.713603973 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.714210987 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.714369059 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.714413881 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.715055943 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.715100050 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.715229034 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.715883970 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.715958118 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.716012955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.716676950 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.716801882 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.716835022 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.717483997 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.717595100 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.717632055 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.718329906 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.718406916 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.718470097 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.719103098 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.719156027 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.719275951 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.719980955 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.720035076 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.720097065 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.720846891 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.720909119 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.720973015 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.721623898 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.721684933 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.721729994 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.722404003 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.722516060 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.726962090 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.727057934 CET497397575192.168.2.6104.37.175.221
                                    Dec 4, 2024 14:51:49.847501993 CET757549739104.37.175.221192.168.2.6
                                    Dec 4, 2024 14:51:49.847521067 CET757549739104.37.175.221192.168.2.6

                                    Click to jump to process

                                    Click to jump to process

                                    Click to dive into process behavior distribution

                                    Click to jump to process

                                    Target ID:0
                                    Start time:08:51:20
                                    Start date:04/12/2024
                                    Path:C:\Users\user\Desktop\LJqzegzQl0.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\LJqzegzQl0.exe"
                                    Imagebase:0x400000
                                    File size:2'981'888 bytes
                                    MD5 hash:89AB7B2A427FD404CCA623FFE85341FA
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Target ID:3
                                    Start time:08:51:38
                                    Start date:04/12/2024
                                    Path:C:\Users\user\Desktop\LJqzegzQl0.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\LJqzegzQl0.exe"
                                    Imagebase:0x400000
                                    File size:2'981'888 bytes
                                    MD5 hash:89AB7B2A427FD404CCA623FFE85341FA
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.2315557030.0000000000970000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2318584844.00000000031D0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2318366162.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.2325367611.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                    Target ID:4
                                    Start time:08:51:40
                                    Start date:04/12/2024
                                    Path:C:\Windows\SysWOW64\svchost.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\System32\svchost.exe"
                                    Imagebase:0x380000
                                    File size:46'504 bytes
                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.2319699004.0000000003190000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.2324826314.00000000050C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.2325296405.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.2422887163.00000000031A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:high
                                    Has exited:true

                                    Target ID:7
                                    Start time:08:51:40
                                    Start date:04/12/2024
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 432
                                    Imagebase:0xda0000
                                    File size:483'680 bytes
                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:8
                                    Start time:08:51:49
                                    Start date:04/12/2024
                                    Path:C:\Windows\System32\fontdrvhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                    Imagebase:0x7ff7d9200000
                                    File size:827'408 bytes
                                    MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:10
                                    Start time:08:51:53
                                    Start date:04/12/2024
                                    Path:C:\Windows\System32\WerFault.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 5168 -s 140
                                    Imagebase:0x7ff641940000
                                    File size:570'736 bytes
                                    MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:0%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:7.8%
                                      Total number of Nodes:51
                                      Total number of Limit Nodes:0
                                      execution_graph 33911 42b640 45 API calls 33917 40de70 26 API calls 33832 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33920 417273 28 API calls 33921 420670 16 API calls 33924 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33834 4dc870 EnterCriticalSection LeaveCriticalSection 33930 4275fe 16 API calls 33837 4d8000 EndDoc 33931 40d210 46 API calls 33841 4fc810 InitializeCriticalSection 33936 408220 14 API calls 33843 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33844 41d430 56 API calls 33945 4012c0 16 API calls 33948 40fad0 26 API calls 33847 4118d0 7 API calls 33849 4144de 34 API calls 33952 4086e0 19 API calls 33850 41d8e0 35 API calls 33851 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33954 41bee8 19 API calls 33961 411a80 27 API calls 33962 40c290 QueryPerformanceCounter QueryPerformanceCounter 33862 427090 GetACP GetCPInfo 33864 401ca0 278 API calls 33965 40eaa0 28 API calls 33869 41b4b0 48 API calls 33968 41eab0 28 API calls 33974 4f9340 CoCreateInstance 33875 40d560 29 API calls 33977 417f61 29 API calls 33876 401170 12 API calls 33983 50af60 CoTaskMemAlloc 33821 4dc300 GetCommandLineA 33822 42c310 33821->33822 33881 40fd10 39 API calls 33818 44a710 33819 44a712 ExitProcess 33818->33819 33887 40d530 25 API calls 33995 41ef32 26 API calls 33888 40cdc0 17 API calls 34000 4ddfc0 64 API calls 34001 4263cc 18 API calls 33891 40d1d0 24 API calls 33893 41e5d0 GetSystemTime GetTimeZoneInformation 34002 42abd0 30 API calls 33897 41cde0 36 API calls 33900 412180 25 API calls 34009 4dd780 46 API calls 33903 428191 26 API calls

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                      APIs
                                      • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: ExitProcess
                                      • String ID:
                                      • API String ID: 621844428-399585960
                                      • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                      • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                      • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                      • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                      APIs
                                      • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: ExitProcess
                                      • String ID:
                                      • API String ID: 621844428-0
                                      • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                      • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                      • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                      • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CommandLine
                                      • String ID:
                                      • API String ID: 3253501508-0
                                      • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                      • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                      • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                      • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                      • API String ID: 0-3677570488
                                      • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                      • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                      • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                      • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 706 4d9b2e-4d9b3f call 52b380 700->706 707 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->707 703 4d9bd0-4d9bd8 701->703 703->703 705 4d9bda-4d9bdb GlobalUnlock 703->705 708 4d9be1-4d9be3 705->708 718 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 706->718 719 4d9b90-4d9ba1 call 439d00 706->719 707->706 711 4d9be9-4d9bf3 OpenClipboard 708->711 712 4d9be5-4d9be7 708->712 711->699 713 4d9bf5-4d9c03 EmptyClipboard 711->713 712->699 712->711 716 4d9c0a-4d9c0c 713->716 717 4d9c05-4d9c08 SetClipboardData 713->717 720 4d9c0e-4d9c11 SetClipboardData 716->720 721 4d9c13 CloseClipboard 716->721 717->716 723 4d9b6d-4d9b70 GlobalLock 718->723 724 4d9b87-4d9b8d call 439d00 718->724 719->708 720->721 721->699 727 4d9b76-4d9b7e 723->727 724->719 727->727 728 4d9b80-4d9b81 GlobalUnlock 727->728 728->724
                                      APIs
                                      • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                      • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                      • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                      • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                      • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                      • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                      • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                      • EmptyClipboard.USER32 ref: 004D9BF5
                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                      • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                      • CloseClipboard.USER32 ref: 004D9C13
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                      • String ID:
                                      • API String ID: 3392129136-0
                                      • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                      • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                      • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                      • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 778 416621-416631 779 416637-41663c 778->779 780 416b2e-416b35 778->780 779->780 781 416642-416651 call 49ad90 779->781 784 416653 781->784 785 416655-41665b 781->785 784->785 786 41666d-41667a call 4848b0 785->786 787 41665d-41666b call 4848b0 785->787 792 41667e-416682 786->792 787->792 793 416684-416688 792->793 794 4166bc-4166c1 792->794 793->794 797 41668a-416692 793->797 795 4166c3 794->795 796 4166c5-4166c9 794->796 795->796 798 41686a-41687b call 40cef0 796->798 799 4166cf-4166e7 call 463050 call 411870 796->799 797->794 800 416694-41669d 797->800 810 4168a5-4168ae 798->810 811 41687d-416881 798->811 799->798 818 4166ed-4167be call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 799->818 800->794 802 41669f-4166ac 800->802 805 4166ba 802->805 806 4166ae-4166b2 802->806 805->794 806->805 809 4166b4-4166b8 806->809 809->794 809->805 813 4168b0-4168b5 810->813 814 4168c5-4168c9 810->814 811->810 812 416883-41688b 811->812 812->810 816 41688d-416895 812->816 813->814 817 4168b7-4168c0 call 40f880 813->817 819 416b0f-416b2b call 439d00 814->819 820 4168cf-4168d9 814->820 816->810 821 416897-4168a0 call 40f880 816->821 817->814 916 4167c0-4167d5 call 4c9000 818->916 917 4167d7-4167e7 call 4c9000 818->917 819->780 825 4168f9-41690e call 415860 820->825 826 4168db-4168f3 call 463050 call 411870 820->826 821->810 835 416af2-416b0e call 439d00 825->835 836 416914-416928 825->836 826->825 826->835 840 416940-416950 836->840 841 41692a-41693b call 4900f0 836->841 846 416952-416963 call 4900f0 840->846 847 416968-416978 840->847 855 416ab6-416ac8 call 4c9030 841->855 846->855 851 416990-4169a0 847->851 852 41697a-41698b call 4900f0 847->852 858 4169a2-4169b3 call 4900f0 851->858 859 4169b8-4169c8 851->859 852->855 875 416ad7-416aec call 415860 855->875 876 416aca-416ad2 call 4900f0 855->876 858->855 862 4169e0-4169f0 859->862 863 4169ca-4169db call 4900f0 859->863 869 4169f2-416a03 call 4900f0 862->869 870 416a08-416a18 862->870 863->855 869->855 870->855 877 416a1e-416a3b call 4900f0 call 48c060 870->877 875->835 875->836 876->875 890 416a3d-416a6d call 463070 call 490dd0 call 48c060 877->890 891 416a6f-416a79 call 4023b0 877->891 890->855 890->891 891->855 900 416a7b-416a86 call 411870 891->900 900->855 909 416a88-416a9e call 48c020 call 495630 900->909 909->855 921 416aa0-416ab3 call 4900f0 call 439d00 909->921 925 4167ec-416812 call 40ceb0 call 4900f0 916->925 917->925 921->855 933 416814-416827 call 495630 925->933 934 41683f-416852 call 495630 925->934 933->934 940 416829-41683c call 4900f0 call 439d00 933->940 934->798 939 416854-416867 call 4900f0 call 439d00 934->939 939->798 940->934
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                      • API String ID: 0-590896439
                                      • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                      • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                      • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                      • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                      • API String ID: 0-188115620
                                      • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                      • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                      • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                      • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                      APIs
                                      • OpenClipboard.USER32(00000000), ref: 004D9C27
                                      • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                      • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                      • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                      • CloseClipboard.USER32 ref: 004D9C56
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Clipboard$Data$CloseOpen
                                      • String ID:
                                      • API String ID: 464010812-0
                                      • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                      • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                      • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                      • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $K$gfff$gfff$gfff
                                      • API String ID: 0-1048959944
                                      • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                      • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                      • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                      • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                      • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                      • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                      • String ID:
                                      • API String ID: 4094687451-0
                                      • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                      • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                      • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                      • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $
                                      • API String ID: 0-227171996
                                      • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                      • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                      • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                      • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                      APIs
                                      • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                      • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Time$InformationSystemZone
                                      • String ID:
                                      • API String ID: 702727434-0
                                      • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                      • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                      • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                      • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                      APIs
                                      • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                      • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Heap$AllocProcess
                                      • String ID:
                                      • API String ID: 1617791916-0
                                      • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                      • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                      • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                      • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: R
                                      • API String ID: 0-1968290334
                                      • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                      • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                      • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                      • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                      APIs
                                      • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7734E820), ref: 004F9365
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CreateInstance
                                      • String ID:
                                      • API String ID: 542301482-0
                                      • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                      • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                      • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                      • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Version
                                      • String ID:
                                      • API String ID: 1889659487-0
                                      • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                      • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                      • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                      • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                      • Instruction ID: 01d32cbd04fd490b405bbb3076ca95c53af9ac6c7c72bf4527c2ddcebbd18577
                                      • Opcode Fuzzy Hash: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                      • Instruction Fuzzy Hash: D58269703083119FD714DF29E580B6BB7E5BB98708F84895EE8898B341D738EC56CB5A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                      • Instruction ID: 96a45275b5f9c73a41d1d8337e9608839c2e373e62523567d3dab65913c056f8
                                      • Opcode Fuzzy Hash: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                      • Instruction Fuzzy Hash: 1212AF71608B019BC714DF69C890AABB3F5BF88304F444A2EF585C3741E778E949CB9A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                      • Instruction ID: 498cbeb692f4c70c8915f573c8722a097fb1111c7146c1bbe368278cd5f5e3e7
                                      • Opcode Fuzzy Hash: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                      • Instruction Fuzzy Hash: 5F02CE71A04B049FD310CF29E84679AB7F5FFD8304F04892EF4CA96691D7B8E4699B09
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                      • Instruction ID: 1e7c3244e7452ae8d69b03c5c8d6f6dafe267a2916603bd4dd3bb4cac85038a4
                                      • Opcode Fuzzy Hash: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                      • Instruction Fuzzy Hash: FCC15171A087A28FC304CF5884C0406FFE2BED535072DC7AAD8985B3A6D378A899D7D5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                      • Instruction ID: bfa59705cebf717bb77a31e3df0fdea1df1b133d84f49527330e693498930ead
                                      • Opcode Fuzzy Hash: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                      • Instruction Fuzzy Hash: 0091A4B2D001285FF728CA18DD56AEBBB79EB84314F0541BBE40DA6684D7785FC1CE42
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                      • Instruction ID: daade82ce8e1d1b2ee71ce6920598c29f2be78123f22ed51f0027d5a07208b60
                                      • Opcode Fuzzy Hash: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                      • Instruction Fuzzy Hash: F471E8B2D001285FF768CA18DD56AEBBB78EB45314F0541FBE80DA6680D6385FC5CE52
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                      • Instruction ID: 95a1ac05ea7bf9e85cb9af7e548825cad19751d86e8640f90a726477929908b6
                                      • Opcode Fuzzy Hash: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                      • Instruction Fuzzy Hash: 6351B5B2D011285FF768CA18DE56AEBBB78EF94314F0541BBE40DA6680D6385FC4CD42
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                      • Instruction ID: 53d2608e8c54cd10bb4b85a771cf95748db63415cbca46aee886de67e8a57e6b
                                      • Opcode Fuzzy Hash: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                      • Instruction Fuzzy Hash: E0218EB1B054214FDB2C9B0E942113AB7E3EFDE30234A82BEE8579B3A9D9741D11D694

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 39 4f4b09-4f4b19 35->39 40 4f4b21-4f4b27 35->40 37 4f4c18-4f4c1e 36->37 38 4f4c00-4f4c10 36->38 43 4f4c38-4f4c3e 37->43 44 4f4c20-4f4c30 37->44 38->37 39->40 41 4f4b29-4f4b39 40->41 42 4f4b41-4f4b47 40->42 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 49 4f4f2f-4f4f35 45->49 50 4f4bc7-4f4bf1 45->50 51 4f4b6b 46->51 52 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->52 53 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->53 54 4f4cba-4f4cd4 47->54 55 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->55 56 4f4c62 48->56 51->52 52->45 58 4f4f2e 53->58 59 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 53->59 54->53 55->47 56->55 58->49 63 4f4d24-4f4d42 EnterCriticalSection 59->63 66 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 63->66 67 4f4d48-4f4d50 63->67 76 4f4e1f-4f4e2b 66->76 77 4f4e3b-4f4e46 call 4f3340 66->77 67->66 72 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 67->72 74 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 72->74 75 4f4df3 72->75 74->66 74->75 75->66 80 4f4e2d 76->80 81 4f4e32-4f4e34 76->81 89 4f4e97-4f4e9c LeaveCriticalSection 77->89 90 4f4e48-4f4e4d 77->90 80->81 81->77 86 4f4e36-4f4e39 81->86 86->77 86->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 95 4f4ebf-4f4ec1 91->95 96 4f4ed8-4f4ee5 LeaveCriticalSection 91->96 92->93 97 4f4e53-4f4e55 92->97 98 4f4e78-4f4e8f LeaveCriticalSection 93->98 99 4f4eca-4f4ed2 95->99 100 4f4ec3-4f4ec8 95->100 101 4f4f0c-4f4f12 96->101 102 4f4ee7-4f4efb EnterCriticalSection 96->102 97->93 103 4f4e57-4f4e67 call 4ff020 call 439d00 97->103 98->63 104 4f4e95 98->104 99->96 100->96 101->58 108 4f4f14-4f4f29 101->108 105 4f4efd 102->105 106 4f4f01-4f4f06 LeaveCriticalSection 102->106 103->98 104->91 105->106 106->101 108->58
                                      APIs
                                      • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                      • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                      • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                      • API String ID: 2978645861-761530088
                                      • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                      • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                      • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                      • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 608 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->608 609 4d5def-4d5dff call 435400 601->609 616 4d5fdc-4d5fec call 435400 609->616 617 4d5e05-4d5e12 609->617 628 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->628 629 4d6032-4d6042 call 435400 616->629 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 625 4d5e1c-4d5e1e 620->625 626 4d5e18-4d5e1a 620->626 622 4d605c-4d6066 621->622 623 4d5e5b-4d5e5c 621->623 623->622 627 4d5e62-4d5e69 623->627 631 4d5e24-4d5e26 625->631 632 4d5e20-4d5e22 625->632 626->625 630 4d5e38-4d5e3f 626->630 633 4d5e6b-4d5e6e 627->633 634 4d5e80-4d5e82 627->634 629->593 647 4d6044-4d6056 call 4d5380 629->647 630->620 630->621 637 4d5e2c-4d5e2e 631->637 638 4d5e28-4d5e2a 631->638 632->630 632->631 633->634 639 4d5e70-4d5e71 633->639 634->622 641 4d5e88-4d5e92 634->641 637->630 643 4d5e30-4d5e32 637->643 638->630 638->637 639->627 644 4d5e73-4d5e7d 639->644 646 4d5e95-4d5e9a 641->646 643->622 643->630 646->646 649 4d5e9c-4d5ec2 call 52b380 * 2 646->649 647->622 656 4d5fbf-4d5fd9 call 439d00 * 2 649->656 657 4d5ec8-4d5eca 649->657 657->656 658 4d5ed0-4d5eda 657->658 660 4d5ee0-4d5ee8 658->660 660->660 663 4d5eea-4d5eed 660->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                      APIs
                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: DestroyWindow
                                      • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                      • API String ID: 3375834691-1928458085
                                      • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                      • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                      • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                      • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                      Control-flow Graph

                                      APIs
                                      • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                      • GetWindowRect.USER32(?,?), ref: 004DB531
                                      • GetClientRect.USER32(?,?), ref: 004DB541
                                      • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                      • GetMenu.USER32(?), ref: 004DB581
                                      • SetMenu.USER32(?,00000000), ref: 004DB596
                                      • GetDesktopWindow.USER32 ref: 004DB5B0
                                      • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                      • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                      • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                      • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                      • GetClientRect.USER32(?,?), ref: 004DB6B7
                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                      • String ID:
                                      • API String ID: 3087884050-0
                                      • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                      • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                      • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                      • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 739 4cfe6f call 4cb0e0 731->739 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 737 4d002d-4d0039 call 435020 734->737 738 4d003e-4d0042 734->738 737->738 741 4d0043 RegCloseKey 738->741 742 4cfe74-4cfe76 739->742 741->735 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 745 4cfe9f-4cfecb RegQueryValueExW 743->745 744->735 746 4cff62-4cff8e RegQueryValueExA 744->746 745->738 747 4cfed1-4cfee3 call 4b8350 745->747 748 4cffd9-4cffde 746->748 749 4cff90-4cff93 746->749 747->738 757 4cfee9-4cfeec 747->757 748->741 751 4cffc8-4cffd4 call 435020 749->751 752 4cff95-4cffa9 call 4b8440 749->752 751->748 752->748 758 4cffab-4cffc6 call 435020 call 439d00 752->758 759 4cfeee-4cff04 call 435020 call 439d00 757->759 760 4cff09-4cff1e call 4d9d70 call 439d00 757->760 758->741 759->738 760->738 773 4cff24-4cff3a call 435020 call 439d00 760->773 773->738
                                      APIs
                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                      • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                      • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                      • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                      • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                        • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: OpenQueryValue$CloseVersion
                                      • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                      • API String ID: 3944000476-502054578
                                      • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                      • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                      • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                      • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 960 4f605d-4f6065 950->960 961 4f5ff2-4f6058 call 4fe010 950->961 952 4f60f7-4f60f9 951->952 953 4f6097-4f609f 951->953 955 4f60ff-4f6101 952->955 956 4f61a1 952->956 957 4f60b2-4f60ba 953->957 958 4f60a1-4f60a6 953->958 962 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 955->962 963 4f62e5-4f62ec 955->963 956->963 965 4f61a7-4f61a9 956->965 957->952 966 4f60bc-4f60be 957->966 958->957 964 4f60a8-4f60b0 958->964 960->951 968 4f6067-4f607c EnterCriticalSection 960->968 961->960 979 4f614a 962->979 980 4f6167-4f6174 call 4f2bf0 962->980 964->957 964->966 965->963 970 4f61af-4f61c2 call 4f24f0 965->970 971 4f60d3 966->971 972 4f60c0-4f60c5 966->972 973 4f607e 968->973 974 4f6085-4f608d LeaveCriticalSection 968->974 985 4f624e-4f625b call 4f24f0 970->985 986 4f61c8-4f61ce 970->986 978 4f60d9-4f60f2 call 4e5ec0 971->978 972->971 977 4f60c7-4f60d1 972->977 973->974 974->951 977->971 977->978 978->952 984 4f6150-4f6165 call 4f3d00 call 4f2bf0 979->984 980->963 995 4f617a 980->995 984->980 985->963 1001 4f6261 985->1001 987 4f61d0-4f61df EnterCriticalSection 986->987 992 4f61e6-4f61ef 987->992 993 4f61e1 987->993 998 4f6201-4f620a 992->998 999 4f61f1-4f61ff 992->999 993->992 1000 4f6180-4f6195 call 4f3d00 call 4f2bf0 995->1000 1003 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 998->1003 999->1003 1021 4f6197-4f619e 1000->1021 1005 4f6267-4f6276 EnterCriticalSection 1001->1005 1007 4f622d-4f6233 1003->1007 1008 4f6240-4f624c LeaveCriticalSection 1003->1008 1010 4f627d-4f6286 1005->1010 1011 4f6278 1005->1011 1014 4f623a-4f623d 1007->1014 1015 4f6235-4f6238 1007->1015 1008->985 1008->987 1012 4f6298-4f62a1 1010->1012 1013 4f6288-4f6296 1010->1013 1011->1010 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1012->1017 1013->1017 1014->1008 1015->1008 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->963 1019->1005 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                        • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                        • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                        • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                        • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                        • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                        • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                      • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                      • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                      • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                      • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                      • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                      APIs
                                      • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                      • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                      • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                      • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                      • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                      • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CapsDevice$Start
                                      • String ID: portrait
                                      • API String ID: 1738886688-2504013051
                                      • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                      • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                      • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                      • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                      • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter$Timetime
                                      • String ID:
                                      • API String ID: 4022644143-0
                                      • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                      • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                      • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                      • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                      • timeGetTime.WINMM ref: 004F2A25
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                      • timeGetTime.WINMM(?), ref: 004F2A46
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$LeaveTimetime$Enter
                                      • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                      • API String ID: 2943255653-4242577526
                                      • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                      • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                      • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                      • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                      • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                      • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                      • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                      • timeGetTime.WINMM ref: 004011C5
                                      • timeGetTime.WINMM ref: 004011D5
                                      • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                      • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                      • timeGetTime.WINMM ref: 0040123E
                                      • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                      • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeaveTimetime
                                      • String ID:
                                      • API String ID: 3486229058-0
                                      • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                      • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                      • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                      • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                      APIs
                                      • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: ExchangeInterlocked
                                      • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                      • API String ID: 367298776-2876428247
                                      • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                      • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                      • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                      • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Enter$Leave
                                      • String ID:
                                      • API String ID: 2801635615-0
                                      • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                      • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                      • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                      • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                      • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                      • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                      • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                      • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                      • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: gethostbynamehtonlhtonsinet_addr
                                      • String ID: localhost
                                      • API String ID: 4009071410-2663516195
                                      • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                      • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                      • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                      • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                      APIs
                                      • timeGetTime.WINMM(00000000), ref: 004145E1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Timetime
                                      • String ID: gfff$gfff$gfff$gfff
                                      • API String ID: 17336451-2178600047
                                      • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                      • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                      • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                      • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                      APIs
                                      • timeKillEvent.WINMM(?), ref: 004D8B13
                                      • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                      • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                      • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                      • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                      • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                      • String ID:
                                      • API String ID: 3030913982-0
                                      • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                      • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                      • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                      • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                      APIs
                                      • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                      • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                      • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: \\?\
                                      • API String ID: 823142352-4282027825
                                      • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                      • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                      • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                      • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                      • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                        • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7734E820,?,004DD732), ref: 004FA76A
                                        • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                        • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                        • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                      • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                      • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                      • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                      • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                      APIs
                                      • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                      • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                      • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Window$Long$Create
                                      • String ID: Dummy$STATIC
                                      • API String ID: 1733017098-132613206
                                      • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                      • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                      • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                      • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                      • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                      • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                      • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                      • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                      APIs
                                      • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                      • timeGetTime.WINMM(?,?), ref: 004F2792
                                      • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Timetime$CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 1404962471-0
                                      • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                      • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                      • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                      • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                      APIs
                                      • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                      • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                      • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                      • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                      • __aulldiv.LIBCMT ref: 0052947B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                      • String ID:
                                      • API String ID: 1430435781-0
                                      • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                      • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                      • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                      • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                      • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                      • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                      • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                      APIs
                                      • CreateSolidBrush.GDI32(?), ref: 004D802E
                                      • SelectObject.GDI32(?,00000000), ref: 004D8044
                                      • FillRect.USER32(?,?,00000000), ref: 004D8067
                                      • SelectObject.GDI32(?,00000000), ref: 004D8075
                                      • DeleteObject.GDI32(00000000), ref: 004D8078
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                      • String ID:
                                      • API String ID: 3777265051-0
                                      • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                      • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                      • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                      • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                      • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                      • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                      • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                      • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Delete$EnterLeave
                                      • String ID:
                                      • API String ID: 3104255891-0
                                      • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                      • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                      • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                      • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                      APIs
                                      • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                        • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                      • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                      • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: AttributesFile$Version
                                      • String ID: \\?\
                                      • API String ID: 3849939888-4282027825
                                      • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                      • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                      • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                      • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                        • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7734FFB0), ref: 004F9B35
                                        • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                      • String ID: FriendlyName
                                      • API String ID: 904232820-3623505368
                                      • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                      • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                      • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                      • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                      APIs
                                      • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                      • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                      • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                      • DeleteDC.GDI32(00000000), ref: 004CADFF
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Create$CompatibleDeleteObjectSection
                                      • String ID:
                                      • API String ID: 3137390749-0
                                      • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                      • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                      • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                      • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                        • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                        • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                        • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                      • String ID:
                                      • API String ID: 188302963-0
                                      • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                      • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                      • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                      • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                      APIs
                                        • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                        • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                        • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                        • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                        • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                        • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                        • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                      • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                      • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave$Devswave
                                      • String ID: echosuppression$gain
                                      • API String ID: 967401230-1829011300
                                      • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                      • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                      • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                      • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                      APIs
                                        • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                      • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                      • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7734FFB0), ref: 00509F3D
                                      • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                      • SetEvent.KERNEL32 ref: 00509F74
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalInitializeSection$Event$Create
                                      • String ID:
                                      • API String ID: 662013055-0
                                      • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                      • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                      • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                      • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                      APIs
                                      • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                      • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CompatibleCreateDirectorySystem
                                      • String ID: Macromed\Flash\
                                      • API String ID: 2606042488-1438515271
                                      • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                      • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                      • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                      • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                      • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                      • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                      • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                      • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                      • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                      • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                      • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                      • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2353833353.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.2353816231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2353927966.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354005146.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354352806.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354412490.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354466486.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354488159.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354505240.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354522351.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354542787.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354570860.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354587693.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354607635.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354638795.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2354659857.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                      • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                      • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                      • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                      • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2315855652.00000000007D9000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      • Associated: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Virtual$AllocFree
                                      • String ID:
                                      • API String ID: 2087232378-0
                                      • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                      • Instruction ID: 0fc34a67d6a827dc0d7c73ac8cbc6399621bf70b2ed37733089f3a1ac3a5ace5
                                      • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                      • Instruction Fuzzy Hash: 3B717B71E0424AEFDB41CF98C985BEDBBF0BB09314F244096E565F7341D238AA91DB64
                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007D9314
                                        • Part of subcall function 007D9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                        • Part of subcall function 007D9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                      • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007D9366
                                      • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007D93C0
                                      • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D93F3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2315855652.00000000007D9000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      • Associated: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Virtual$Alloc$Free$Protect
                                      • String ID: ,
                                      • API String ID: 1004437363-3772416878
                                      • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                      • Instruction ID: ee00285b848096d9d149dff14d2196b619dd9fb5748accbcb1c1095e45e7ac29
                                      • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                      • Instruction Fuzzy Hash: A351E975900609EFCB20DFA9C885A9EBBF8FF08354F10851AFA59A7241D374E951CBA4
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: __freea$__alloca_probe_16
                                      • String ID:
                                      • API String ID: 3509577899-0
                                      • Opcode ID: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                      • Instruction ID: 081cf3fe198209f33fe3a0b120c8ca826e5becfb798a419be24fc89da9dc40e2
                                      • Opcode Fuzzy Hash: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                      • Instruction Fuzzy Hash: 0251917270020AAAEB219FA0CC49FAB76BAEF84710F15112BFD0596351E778ED1086A0
                                      APIs
                                      • LCMapStringEx.KERNELBASE(?,007D0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007D3D75
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: String
                                      • String ID:
                                      • API String ID: 2568140703-0
                                      • Opcode ID: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                      • Instruction ID: c3c72d564a4f20c8bea0f29fec32ed21c670867db13d8b38512067307f666f9c
                                      • Opcode Fuzzy Hash: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                      • Instruction Fuzzy Hash: 08F0683610025ABBCF125F90DC099DE3F26AB48360B058111BA1969220C73ACA31AFA1
                                      APIs
                                      • VirtualFree.KERNELBASE(?,00000000,?), ref: 007CBFCE
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: FreeVirtual
                                      • String ID:
                                      • API String ID: 1263568516-0
                                      • Opcode ID: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                      • Instruction ID: 9dbe86c5b4215908777a3276febbbed1dde0bcd46da8c6c5dc297dcfcc1c5923
                                      • Opcode Fuzzy Hash: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                      • Instruction Fuzzy Hash: 1631F371900209ABCB10CFA9D881FAEBBF8BF08704F10842DE955A7390D779A9458F94
                                      APIs
                                      • CloseHandle.KERNELBASE(00000000), ref: 007CBCC7
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                      • Instruction ID: 8cae220516fcf033456b5b081b1e20611534ce2899c4ed54bab4f52bb7db096b
                                      • Opcode Fuzzy Hash: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                      • Instruction Fuzzy Hash: 61E0EDB6902662BBD3212B209D4AE7B732CEF95701B00842CFD10E6340DF28DC01C6B0
                                      APIs
                                      • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                      • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                      • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                      • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                      • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                      • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                      • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                      • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                      • EmptyClipboard.USER32 ref: 004D9BF5
                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                      • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                      • CloseClipboard.USER32 ref: 004D9C13
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                      • String ID:
                                      • API String ID: 3392129136-0
                                      • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                      • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                      • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                      • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                      • Instruction ID: ca6b49ba8c948b0b2a1321171176cbff8534267d0d71147791947335bfaf874a
                                      • Opcode Fuzzy Hash: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                      • Instruction Fuzzy Hash: BD516AB2A112059FEB19CF59D895BEABBF4FB48310F24806ED809EB250D3789D41CF50
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2315855652.00000000007D9000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      • Associated: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                      • Instruction ID: ef0fd70ec8bd2bfbf285bcc601704a758f7e28addf8dfbedece5c33eca63a78d
                                      • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                      • Instruction Fuzzy Hash: 22F06275B00200EF8714DF0AC544C9577F6FB857147654596D5049B321D3B4FD44CB50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                      • API String ID: 0-3677570488
                                      • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                      • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                      • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                      • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                      APIs
                                      • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                      • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                      • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                      • API String ID: 2978645861-761530088
                                      • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                      • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                      • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                      • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                      APIs
                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: DestroyWindow
                                      • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                      • API String ID: 3375834691-1928458085
                                      • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                      • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                      • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                      • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                      APIs
                                      • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                      • GetWindowRect.USER32(?,?), ref: 004DB531
                                      • GetClientRect.USER32(?,?), ref: 004DB541
                                      • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                      • GetMenu.USER32(?), ref: 004DB581
                                      • SetMenu.USER32(?,00000000), ref: 004DB596
                                      • GetDesktopWindow.USER32 ref: 004DB5B0
                                      • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                      • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                      • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                      • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                      • GetClientRect.USER32(?,?), ref: 004DB6B7
                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                      • String ID:
                                      • API String ID: 3087884050-0
                                      • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                      • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                      • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                      • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                      APIs
                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                      • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                      • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                      • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                      • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                        • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: OpenQueryValue$CloseVersion
                                      • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                      • API String ID: 3944000476-502054578
                                      • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                      • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                      • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                      • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                        • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                        • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                        • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                        • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                        • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                        • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                      • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                      • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                      • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                      • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                      • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                      APIs
                                      • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                      • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                      • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                      • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                      • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                      • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CapsDevice$Start
                                      • String ID: portrait
                                      • API String ID: 1738886688-2504013051
                                      • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                      • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                      • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                      • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                      • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter$Timetime
                                      • String ID:
                                      • API String ID: 4022644143-0
                                      • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                      • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                      • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                      • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                      • timeGetTime.WINMM ref: 004F2A25
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                      • timeGetTime.WINMM(?), ref: 004F2A46
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$LeaveTimetime$Enter
                                      • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                      • API String ID: 2943255653-4242577526
                                      • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                      • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                      • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                      • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                      • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                      • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                      • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                      • timeGetTime.WINMM ref: 004011C5
                                      • timeGetTime.WINMM ref: 004011D5
                                      • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                      • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                      • timeGetTime.WINMM ref: 0040123E
                                      • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                      • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeaveTimetime
                                      • String ID:
                                      • API String ID: 3486229058-0
                                      • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                      • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                      • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                      • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                      APIs
                                      • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: ExchangeInterlocked
                                      • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                      • API String ID: 367298776-2876428247
                                      • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                      • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                      • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                      • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                      APIs
                                      • type_info::operator==.LIBVCRUNTIME ref: 007CE960
                                      • ___TypeMatch.LIBVCRUNTIME ref: 007CEA6E
                                      • _UnwindNestedFrames.LIBCMT ref: 007CEBC0
                                      • CallUnexpected.LIBVCRUNTIME ref: 007CEBDB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                      • String ID: csm$csm$csm
                                      • API String ID: 2751267872-393685449
                                      • Opcode ID: b9ab95a4e47fab344a6e7ab70ab3b70abf1309b41cdc95eee017af9d9d86d884
                                      • Instruction ID: 80a19a395c9a15051bf72db8e440a3931cb9153654a270fcd77bb47acce935fb
                                      • Opcode Fuzzy Hash: b9ab95a4e47fab344a6e7ab70ab3b70abf1309b41cdc95eee017af9d9d86d884
                                      • Instruction Fuzzy Hash: 2FB11871800209EFCF29DFA4C885EAEBBB5BF14310F14456EE8156B212D779EE51CB92
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                      • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                      • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Enter$Leave
                                      • String ID:
                                      • API String ID: 2801635615-0
                                      • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                      • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                      • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                      • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                      • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                      • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                      • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                      • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                      • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                      APIs
                                      • _ValidateLocalCookies.LIBCMT ref: 007CD977
                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 007CD97F
                                      • _ValidateLocalCookies.LIBCMT ref: 007CDA08
                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 007CDA33
                                      • _ValidateLocalCookies.LIBCMT ref: 007CDA88
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                      • String ID: csm
                                      • API String ID: 1170836740-1018135373
                                      • Opcode ID: 2566e749357cb0ba2efa1a1b021d70087ff1bea505c1d32106b274d3e2014b22
                                      • Instruction ID: 73b477d21b9d6c7fbad3c11516e8685cf2d8cd7839a9f3f5ee876fcc05aaaf28
                                      • Opcode Fuzzy Hash: 2566e749357cb0ba2efa1a1b021d70087ff1bea505c1d32106b274d3e2014b22
                                      • Instruction Fuzzy Hash: 3F416F34A00209DBCF20DF68C885F9EBBB5EF45324F14816DE819AB392D739AD15CB91
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: localhost
                                      • API String ID: 0-2663516195
                                      • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                      • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                      • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                      • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                      APIs
                                      • timeGetTime.WINMM(00000000), ref: 004145E1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Timetime
                                      • String ID: gfff$gfff$gfff$gfff
                                      • API String ID: 17336451-2178600047
                                      • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                      • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                      • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                      • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                      APIs
                                      • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                      • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                      • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                      • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                      • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                      • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                      • String ID:
                                      • API String ID: 3030913982-0
                                      • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                      • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                      • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                      • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                      APIs
                                      • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                      • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                      • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: \\?\
                                      • API String ID: 823142352-4282027825
                                      • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                      • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                      • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                      • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                      • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                        • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                        • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                        • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                        • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                      • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                      • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                      • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                      • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                      APIs
                                      • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                      • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                      • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Window$Long$Create
                                      • String ID: Dummy$STATIC
                                      • API String ID: 1733017098-132613206
                                      • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                      • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                      • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                      • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                      • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                      • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                      • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                      • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                      APIs
                                      • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                      • timeGetTime.WINMM(?,?), ref: 004F2792
                                      • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Timetime$CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 1404962471-0
                                      • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                      • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                      • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                      • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                      APIs
                                      • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                      • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                      • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                      • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                      • __aulldiv.LIBCMT ref: 0052947B
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                      • String ID:
                                      • API String ID: 1430435781-0
                                      • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                      • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                      • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                      • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                      • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                      • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                      • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                      APIs
                                      • CreateSolidBrush.GDI32(?), ref: 004D802E
                                      • SelectObject.GDI32(?,00000000), ref: 004D8044
                                      • FillRect.USER32(?,?,00000000), ref: 004D8067
                                      • SelectObject.GDI32(?,00000000), ref: 004D8075
                                      • DeleteObject.GDI32(00000000), ref: 004D8078
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                      • String ID:
                                      • API String ID: 3777265051-0
                                      • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                      • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                      • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                      • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                      • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                      • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                      • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                      • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Delete$EnterLeave
                                      • String ID:
                                      • API String ID: 3104255891-0
                                      • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                      • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                      • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                      • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                      APIs
                                      • OpenClipboard.USER32(00000000), ref: 004D9C27
                                      • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                      • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                      • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                      • CloseClipboard.USER32 ref: 004D9C56
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Clipboard$Data$CloseOpen
                                      • String ID:
                                      • API String ID: 464010812-0
                                      • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                      • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                      • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                      • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                      APIs
                                      • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                        • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                      • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                      • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: AttributesFile$Version
                                      • String ID: \\?\
                                      • API String ID: 3849939888-4282027825
                                      • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                      • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                      • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                      • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                        • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                        • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                      • String ID: FriendlyName
                                      • API String ID: 904232820-3623505368
                                      • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                      • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                      • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                      • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                      APIs
                                      • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                      • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                      • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                      • DeleteDC.GDI32(00000000), ref: 004CADFF
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Create$CompatibleDeleteObjectSection
                                      • String ID:
                                      • API String ID: 3137390749-0
                                      • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                      • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                      • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                      • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: AdjustPointer
                                      • String ID:
                                      • API String ID: 1740715915-0
                                      • Opcode ID: 4af2649a06a45dc76cd1df25169af1e6e16b6486a0d55f5c75e7710ced2ff155
                                      • Instruction ID: a93507f7373f89f0ff85a9b63645c339ff2de69c3e895bea3d106dbd0d861884
                                      • Opcode Fuzzy Hash: 4af2649a06a45dc76cd1df25169af1e6e16b6486a0d55f5c75e7710ced2ff155
                                      • Instruction Fuzzy Hash: 54510072601206EFDB298F14D985FBAB7A4FF54310F24452DEC069B2A1E779EC81DB90
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                        • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                        • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                        • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                      • String ID:
                                      • API String ID: 188302963-0
                                      • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                      • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                      • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                      • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                      APIs
                                        • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                        • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                        • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                        • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                        • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                        • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                        • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                      • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                      • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave$Devswave
                                      • String ID: echosuppression$gain
                                      • API String ID: 967401230-1829011300
                                      • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                      • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                      • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                      • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                      APIs
                                        • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                      • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                      • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                      • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                      • SetEvent.KERNEL32 ref: 00509F74
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalInitializeSection$Event$Create
                                      • String ID:
                                      • API String ID: 662013055-0
                                      • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                      • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                      • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                      • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                      APIs
                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007CDEAD
                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007CDEC6
                                      Memory Dump Source
                                      • Source File: 00000003.00000003.2319599509.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_3_7a0000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: Value___vcrt_
                                      • String ID:
                                      • API String ID: 1426506684-0
                                      • Opcode ID: 5af91477f3fab8113df9f3b3bb695d5f487baed0130933ada832e6682755f51f
                                      • Instruction ID: 7a2976c3ed494013c0fe826b26b4fe6f248fde75f1add784ab675c13f6859036
                                      • Opcode Fuzzy Hash: 5af91477f3fab8113df9f3b3bb695d5f487baed0130933ada832e6682755f51f
                                      • Instruction Fuzzy Hash: 8401D83210A3519EA7343774BC89FA627A8FF557B5B24023EF525491E1EF294C12A250
                                      APIs
                                      • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                      • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CompatibleCreateDirectorySystem
                                      • String ID: Macromed\Flash\
                                      • API String ID: 2606042488-1438515271
                                      • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                      • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                      • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                      • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$Enter
                                      • String ID:
                                      • API String ID: 2978645861-0
                                      • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                      • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                      • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                      • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                      • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                      • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                      • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                      • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                      • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                      • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                      • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2324223694.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000003.00000002.2324172421.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324439196.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324477504.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000003.00000002.2324574036.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_400000_LJqzegzQl0.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterLeave
                                      • String ID:
                                      • API String ID: 3168844106-0
                                      • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                      • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                      • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                      • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02950326
                                        • Part of subcall function 029500A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 029500CD
                                        • Part of subcall function 029500A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02950279
                                      • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02950378
                                      • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 029503E7
                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02950407
                                      • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0295042E
                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02950456
                                      • CloseHandle.KERNELBASE(?), ref: 02950471
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000004.00000003.2319956879.0000000002950000.00000040.00000001.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_3_2950000_svchost.jbxd
                                      Similarity
                                      • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                      • String ID: ,
                                      • API String ID: 3867569247-3772416878
                                      • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                      • Instruction ID: 499d472c89f4bb242d76050a6c877be8fc2e98a989d60c9b201abb0e212f07ce
                                      • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                      • Instruction Fuzzy Hash: 18610CB5A00219EFDB20DFA5C984AEEBBB9FF48354F14851AE959A7240D730E941CF60
                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 029500CD
                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02950279
                                      Memory Dump Source
                                      • Source File: 00000004.00000003.2319956879.0000000002950000.00000040.00000001.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_3_2950000_svchost.jbxd
                                      Similarity
                                      • API ID: Virtual$AllocFree
                                      • String ID:
                                      • API String ID: 2087232378-0
                                      • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                      • Instruction ID: 8a9484f833ca277b986954f91aee86c24dddc18c916418ce73232dc01186df90
                                      • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                      • Instruction Fuzzy Hash: C7717871A0425ADFDB41CF98C981BEDBBF0AF09314F284495E8A5FB241C734AA91CF65

                                      Execution Graph

                                      Execution Coverage:33.4%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:83.3%
                                      Total number of Nodes:24
                                      Total number of Limit Nodes:0
                                      execution_graph 415 20cbbfa1cf4 417 20cbbfa1d19 415->417 416 20cbbfa1fa1 417->416 426 20cbbfa15c0 417->426 419 20cbbfa1f98 CloseHandle 419->416 420 20cbbfa1f88 NtAcceptConnectPort 420->419 421 20cbbfa1e3a 421->419 421->420 425 20cbbfa1ecd 421->425 429 20cbbfa0ac8 421->429 435 20cbbfa1aa4 NtAcceptConnectPort 425->435 428 20cbbfa15f4 NtAcceptConnectPort 426->428 428->421 430 20cbbfa0c62 429->430 431 20cbbfa0ae8 429->431 430->425 431->430 432 20cbbfa0be8 NtAcceptConnectPort 431->432 432->430 433 20cbbfa0c1b 432->433 433->430 434 20cbbfa0c33 NtAcceptConnectPort 433->434 434->430 436 20cbbfa1af7 435->436 437 20cbbfa1c04 435->437 441 20cbbfa1870 436->441 437->420 439 20cbbfa1b10 440 20cbbfa1bb6 NtAcceptConnectPort 439->440 440->437 443 20cbbfa1889 441->443 442 20cbbfa1949 442->439 443->442 444 20cbbfa1930 GetProcessMitigationPolicy 443->444 444->442

                                      Callgraph

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000020CBBFA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_20cbbfa0000_fontdrvhost.jbxd
                                      Similarity
                                      • API ID: AcceptCloseConnectHandlePort
                                      • String ID:
                                      • API String ID: 3811980168-0
                                      • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                      • Instruction ID: 825e43dbff78b9a1331bf04e5e20ac94fa08817f3716f058ee9d791c58dc6877
                                      • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                      • Instruction Fuzzy Hash: AC91D274508B088FDB68EB5CC8867F573F1FB89314F25475EE48BC3296EA74A9428781

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000020CBBFA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_20cbbfa0000_fontdrvhost.jbxd
                                      Similarity
                                      • API ID: AcceptConnectPort
                                      • String ID:
                                      • API String ID: 1658770261-0
                                      • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                      • Instruction ID: cbbe7b11b3373728c9f756bf0681f3b125e562ebc2113dff432e42508631a4bd
                                      • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                      • Instruction Fuzzy Hash: 2F512438918A250EE32DA77C989A678B7F5FB82309F34165EE0F3C51D3E964C5468682

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000020CBBFA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_20cbbfa0000_fontdrvhost.jbxd
                                      Similarity
                                      • API ID: AcceptConnectPort$MitigationPolicyProcess
                                      • String ID:
                                      • API String ID: 2923266908-0
                                      • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                      • Instruction ID: 960e91aaec1c0512b3122fd05d3ef0be11092f4dd0d5dfc46fdf672de8b658b6
                                      • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                      • Instruction Fuzzy Hash: 3E410370208B488FDB48DF2C9C897A57BE0EB55320F14439EE85ACB2D7DA74C9498795

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 118 20cbbfa15c0-20cbbfa15f2 119 20cbbfa15f4-20cbbfa15f7 118->119 120 20cbbfa15f9-20cbbfa15fb 118->120 121 20cbbfa161f-20cbbfa166d NtAcceptConnectPort 119->121 122 20cbbfa160b-20cbbfa160d 120->122 123 20cbbfa15fd-20cbbfa1609 120->123 124 20cbbfa160f-20cbbfa161b 122->124 125 20cbbfa161d 122->125 123->121 124->121 125->121
                                      APIs
                                      • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000020CBBFA1E3A), ref: 0000020CBBFA1654
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000020CBBFA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_20cbbfa0000_fontdrvhost.jbxd
                                      Similarity
                                      • API ID: AcceptConnectPort
                                      • String ID:
                                      • API String ID: 1658770261-0
                                      • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                      • Instruction ID: 2fc77605408d92569f9bd62b73d3750729c4b7e3284d6c4660cdd4d278b93180
                                      • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                      • Instruction Fuzzy Hash: E0216F71508B088FEB58DF5CC88AA6AB7F1FB69309F140A2EE44AC7361DB30D584CB41

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 95 20cbbfa1870-20cbbfa18a0 call 20cbbfa08a4 * 2 100 20cbbfa18a6-20cbbfa18a9 95->100 101 20cbbfa1954-20cbbfa195b 95->101 100->101 102 20cbbfa18af-20cbbfa18b9 100->102 102->101 103 20cbbfa18bf-20cbbfa18c4 102->103 103->101 104 20cbbfa18ca-20cbbfa18d7 103->104 104->101 105 20cbbfa18d9-20cbbfa18e1 104->105 105->101 106 20cbbfa18e3-20cbbfa18ee 105->106 106->101 107 20cbbfa18f0-20cbbfa18f7 106->107 107->101 108 20cbbfa18f9-20cbbfa18fc 107->108 108->101 109 20cbbfa18fe-20cbbfa1906 108->109 109->101 110 20cbbfa1908-20cbbfa190b 109->110 110->101 111 20cbbfa190d-20cbbfa1916 110->111 111->101 112 20cbbfa1918-20cbbfa191c 111->112 112->101 113 20cbbfa191e-20cbbfa192e 112->113 113->101 115 20cbbfa1930-20cbbfa1947 GetProcessMitigationPolicy 113->115 115->101 116 20cbbfa1949-20cbbfa194e 115->116 116->101 117 20cbbfa1950-20cbbfa1951 116->117 117->101
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000020CBBFA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_20cbbfa0000_fontdrvhost.jbxd
                                      Similarity
                                      • API ID: MitigationPolicyProcess
                                      • String ID:
                                      • API String ID: 1088084561-0
                                      • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                      • Instruction ID: 1802e7067586fb9f514e2e3eea2b119b8249fb978cc175cce766799946e953a1
                                      • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                      • Instruction Fuzzy Hash: 35318874150B0B4AEBAD97AC8CD97F173F8EB99328F2502B9C015D71D2EAA5C64DC640
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2523566609.0000020CBBFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000020CBBFA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_20cbbfa0000_fontdrvhost.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                      • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                      • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                      • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F